On Friday night, security researcher Tavis Ormandy of Google’s Project Zero announced on Twitter that he had found a Windows bug. Well, not just any bug. It was “crazy bad,” Ormandy wrote. “The worst Windows remote code exec in recent memory.” By Monday night, Microsoft had released an emergency patch, along with details of what the vulnerability entailed. And yes, it was every bit as scary as advertised.
That’s not only because of the extent of the damage hackers could have done, or the range of devices the bug affected. It’s because the bug’s fundamental nature underscores the vulnerabilities inherent in the very features meant to keep our devices safe.