Dan Goodin on Nostr: Microsoft said today that Russian hackers have been exploiting the vulnerability ...
Microsoft said today that Russian hackers have been exploiting the vulnerability tracked as CVE-2020-38028 since at least 2020. That would make it an 0day at the time Microsoft patched it in October 2022. And yet, Microsoft has never acknowledged that vulnerability as such. What's up with that?
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-38028