Hacker News
by mortb 2640 days ago
Another piece of context, the article says that the issue was resolved together with Huawei. Why then make a publicly available article about it naming the company? Why not just patch and pretend that there was no issue, or patch and with a more generic description "we have implemented a mechanism to monitor drivers that might try to execute arbitrary code"?
2 comments

That happens all the time as it's relatively normal to do so in this type of disclosure. With the political focus on Huawei these days it's likely just people noticing this message more than others, it's not like other big manufacturers show better security practices. With Huawei in particular, MS as a US company really couldn't have omitted the name from the disclosure without being put in a weird spot later down the road.

While I agree with other posters that the wording of this disclosure is unnecessarily mixed with a PR piece, naming companies for me is crucial as it allows end users to assess their own impact of a vulnerability and also puts a public track record on these vendors.

If you don't mention the company you implicate everyone.