[ZiiS]

As the strongest OS advocate who has not ran Windows in a quarter century and is posting this over a Wireguard link; the is some double standards here. A corporate VPN vender who did not ensure they received all notifications from Microsoft regarding a certificate that effectively let's them root millions of computers would be a strong signal of concern.

[threatripper]

It goes both ways. Probably both parties are partially to blame here. But it is clear that this corporation did not provide a sensible support channel for such an important project to resolve the situation quickly.

[ZiiS]

Yes 100% Microsoft is at fault, I just ment anyone working with them should expect at least communication problems and needs to work to keep the channels open.

[ziml77]

Really? At my workplace if we had a vendor email us about needing to take some action to continue being able to work with them, but we didn't follow through with that, any business disruption would be squarely on us for not handling it. At the very least even if we can't meet a supposed deadline, we need to work with the vendor to get extensions if possible, and if that's not possible then we either need to mitigate the impact or get more resources on the changes ASAP.

[ZiiS]

The claim is they didn't get any email, not that they ignored it. It feels reasonable to expect Microsoft to have tried an alternative contact method given they are very high profile and easy to contact projects.

[ziml77]

Oh ok I misunderstood. I'm in full agreement then, and that flips back to being fully on Microsoft.