I’m ok with good turning on corporate evil or stupidity.
I’m ok with good turning on corporate evil or stupidity.
Archive: https://archive.today/nKVR4
From the post:
>Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed BlueHammer, the vulnerability was published by a security researcher discontent with how Microsoft’s Security Response Center (MSRC) handled the disclosure process. Since, the security issue has no official patch and there is no update to address it, the flaw is considered a zero-day by Microsoft's definition.
Archive: https://archive.today/nKVR4
From the post:
>>Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.
Dubbed BlueHammer, the vulnerability was published by a security researcher discontent with how Microsoft’s Security Response Center (MSRC) handled the disclosure process.
Since, the security issue has no official patch and there is no update to address it, the flaw is considered a zero-day by Microsoft's definition.
MS are not the first project maintainers to do this. The CUPS (Common UNIX Printing System™) team repeatedly refused to admit they had a severe vulnerability no matter how the security researcher tried to explain it to them, so he adopted their opinion and disclosed it publicly. It wasn’t sensitive information, according them. Then the rest of the world told them to fix it right away.
I can only imagine the response you’d get from the IT / security pajeets at any major company.
MS are not the first project maintainers to do this. The CUPS (Common UNIX Printing System™) team repeatedly refused to admit they had a severe vulnerability no matter how the security researcher tried to explain it to them, so he adopted their opinion and disclosed it publicly. It wasn’t sensitive information, according them. Then the rest of the world told them to fix it right away.
I can only imagine the response you’d get from the IT / security pajeets at any major company.