Kevin Beaumont on Nostr: ...
https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/
Ars has a good look at this one.
My take - it may well have been a bunch of technical work to fix the vulnerability, absolutely. But Microsoft can afford to resource this stuff - it’s one of the most profitable companies on earth, and they end to end own and create 100% of the code.
To again repeat one plea for vulnerability researchers - publish public timelines on blogs about disclosures. It would create visibility of how long fixes take, and encourage accountability.