So the above Tweet came along, but the way it was framed it was not very worthy reporting, because it was nothing actionable: »I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.«
And reported and handled it was, in record time. This is now public on Project Zero, and a fix is being rolled out to all current Windows.
Somewhere, someone is crying, because this the the perfect, stable, universal, remotely exploitable Windows Exploit and they have probably paid millions for this – and now it is worthless and burnt.