2018 Archive

Google just caught a “Crazy Bad” flaw in Microsoft Windows while Microsoft seems to have already got it fixed

Microsoft Windows Crazy Bad Flaw

White hat hackers have always been a helping hand for bigger enterprises but sometimes, companies get annoyed by their constant pinpointing too! Google’s security experts Tavis Ormandy is a part of the team which helps other companies to get their bugs fixed by properly informing them. Mr. Ormandy recently tweeted that he, along with one of his fellows has found a “Crazy Bad” error in the Microsoft’s OS, Windows.

I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. ???

— Tavis Ormandy (@taviso) May 6, 2017

What Is This “Crazy Bad” Error

Well, till yet, nothing is known about the error much as the tweet is a very short and brief one. What the world has to come to know after some of the R&D in this matter, is that this potential malware attack works on a default Windows install and the prey to this attack does not necessarily need to be on the same Local Area Network on which the attacker is. Other than this, no further details are known but if Ormandy’s statement is taken into consideration, this bug seems like a pretty critical one.

Windows Users Don’t Need To Panic

Well, this problem may be a serious one but what the other side of the picture tells is a bit satisfying and soothing to the soul. Microsoft is fully aware of the fact and they released a statement as a response to this fiasco:

Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.

Latest Update Has Already Fixed The Remote Code Execution Error

The RCE Error seems to be fixed already as per today’s date. As the previous Tuesday was a Patch Tuesday for Microsoft, so they released an automatic update to fix the said issue. The company released the following statement regarding this problem:

We released an automatic update to our antimalware engine on Monday, May 8, and customers are protected. More information is available in our security advisory.

Google’s Response To The Bug Fix

Tavis Ormandy who discovered the bug in the first place acknowledged Microsoft’s quick response and tweeted in this matter.

@skjpope @natashenka What an amazing response, thanks so much Simon and MSRC! That was incredible work.

— Tavis Ormandy (@taviso) May 9, 2017

According to Microsoft’s press releases, any of the Windows users doesn’t need to take any specific action to combat the situation.

Related posts