Security experts at Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows OS, but this time the hackers defined it as the worst Windows RCE in recent memory. And if it is in Windows, then a multitude of people are at risk until it is patched.

The question is, though, if the existence of a critical flaw is disclosed shortly before Patch Tuesday, will Microsoft scramble to immediately close that hole or will the company sit on it and wait out the 90-day disclosure deadline? We will find out tomorrow on Patch Tuesday if Microsoft took immediate action to close a “crazy bad” RCE flaw in Windows that was discovered by Google’s zero-day finders.

He and fellow Project Zero researcher Natalie Silvanovich had discovered not just an RCE in Windows, but the “worst Windows remote code exec in recent memory.” He went so far as to call it “crazy bad.”

The expert has not shared any details, but he has clarified that their exploit works against default Windows installations, and the attacker does not need to be on the same local area network as the victim. He also said the attack is “wormable.”

Microsoft hasn’t commented the discovery, let’s see if the tech giant will fix the issue with the May 2017 Patch Tuesday scheduled tomorrow.

Google Project Zero researchers find ‘crazy bad’ Windows RCE flaw