> Microsoft provided an API to help validate the signatures cryptographically but did not update these libraries to perform this scope validation automatically