|
|
|
|
|
|
by iJohnDoe
23 days ago
|
|
|
I know this is a cynical approach, but I imagine most security flaws in Microsoft products are somewhat intentional. Either by purposefully putting them there or by willingly ignoring them. It’s widely known how much Microsoft cooperates with three letter agencies. I think they are in a bind on how to act in these situations. They don’t want to acknowledge or fix the 0-day vulnerabilities because they don’t know if those are in use via state sponsored operations. Either they deal with customer fallout or they deal with the grief from their agency liaisons that they interrupted a multi-year operation by fixing the 0-day. Vulnerability researchers really should avoid reporting to Microsoft and just sell them instead. |
|
|