Safety of Google’s experts has found another unpatched vulnerability on Microsoft Windows, the gravity of the platform which they estimate as high as possible.
Working in the framework of the project Zero Tavis Ormandy and Natalie Silvanovich weekend made the announcement, describing his discovery as the most dangerous vulnerability with the possibility of remote code execution. Of course, the details are not disclosed.
Attacks using this vulnerability triggered by default when you install Windows, it is not necessary to be on the same local network. Microsoft has yet to respond to this statement, as usual, it has 90 days to patch the issue. If he will not, details regarding this visibility will be published, that is the policy Google Project Zero program.
This is not the first vulnerability that Google disclose in Microsoft operating systems. Over the last year, there were at least two cases when Google released the results even before Microsoft released updates. In February, it was disclosed the vulnerability in Microsoft browsers, which was closed in next Tuesday’s patch. This time, Tuesday’s patch comes out May 9th, so the probability of seeing their desired update is small. This means that users can remain unprotected for months.