Will Dormann on Nostr: Note that this is only now officially CVE-2024-38217, and Microsoft has released a ...
Note that this is only now officially CVE-2024-38217, and Microsoft has released a fix for it:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217
Why did this public, exploited-in-the-wild vulnerability not get a CVE for more than a month?
It's because Microsoft doesn't follow CVE CNA rules, and they only assign CVEs to updates, rather than vulnerabilities.
It's also because MITRE doesn't follow the CVE CNA rules, functioning as a CNA-LR (they ignored the request to get this issue a CVE).
Great job, folks!