Two IBM security experts discovered a critical vulnerability in Windows that allows remote code execution. Working in Project Zero, researchers Natalie Silvanovich and Tavis Ormandy described the problem as "the worst possible memory vulnerability in Windows that allows them to remotely execute code".

Experts did not provide any details, but only published a few rather vague tweets. "This is horribly bad. The report is in process, "Ormandi told Twitter on last Saturday. Nevertheless, according to the numerous requests of the community, the expert revealed several details about the vulnerability:.

To successfully implement an attack, the attacker and the victim need not be on the same local network.

The attack can be performed on Windows with the default settings. That is, the attacked system does not need to install additional software.

The attack is self-replicating (like a worm).

Vulnerability reports appeared a few days before the scheduled monthly updates of Microsoft. The problem can be rectified already tomorrow, May 9, and then experts will be able to provide more details about the vulnerability.