Credit: Tavis Ormandy, Natalie Silvanovich, Mateusz Jurczyk (j00ru), Junghoon Lee (lokihardt), Ian Beer
Windows 8 and newer have a Malware Protection service that runs in the background with SYSTEM privileges, unsandboxed, and parses every file written to disk, in a plethora of different file formats, with no user interaction. After Tavis Ormandy discovered this scary and easily accessible attack surface and ported the component to Linux, he and other members of P0 proceeded to identify and report a number of critical RCE vulnerabilities. These included bugs in the parsing of executable files, bugs in the x86 emulation layer, and a number of serious issues in the internal JavaScript interpreter.