Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich found a remotely exploitable Windows vulnerability that Ormandy called he worst in recent memory.

Microsoft eased some anxiety over the latest ShadowBrokers dump of Windows zero days with news most of the vulnerabilities had already been patched.

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.

Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month’s postponement of Patch Tuesday.

Microsoft said a Windows SMB zero day, which has a public proof-of-concept exploit available, is low risk and won’t be patched until an upcoming Patch Tuesday.

Microsoft on Tuesday patched a vulnerability in LSASS, the second attempt it has taken at fixing a remote denial-of-service issue in the critical Windows process.

Adobe’s first scheduled patch release of 2017 includes updates for Flash Player, Reader and Acrobat.

Mike Mimoso and Chris Brook discuss the news of the week including Yahoo’s latest breach announcement, a DDoS-for-hire crackdown, hackers seeking help with Mirai, and some new Adobe patches.

Microsoft patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet.

As part of Patch Tuesday Adobe patched a zero-day vulnerability in Flash Player the company claims is being used in targeted attacks against Internet Explorer users on Windows.