Me to MSRC: Words clearly describing a vulnerability, with supporting screenshots of the commands I typed and the response that Windows gives.

MSRC: Can you please provide a video showing the behavior you are seeing?

Me: ...

I get that people doing grunt work have mostly-fixed workflows that they go through with common next steps.
But to request a video that now captures (beyond my already-submitted screenshots) the act of me typing, and the Windows response being painted on the screen adds what of value now?

MSRC to me just now:

As requested, please provide clear video POC (proof of concept) on how the said vulnerability is being exploited? We are unable to make any progress without that. It will be highly appreciated.

Time to make a 10-minute-long video of me pressing enter in CMD.EXE...

I get it that kids these days can't comprehend anything that doesn't live in TikTok. But for MSRC to not accept a clearly worded vulnerability report that doesn't have an associated video with it...

Fine. You want compliance? (Malicious) compliance is what you'll get.
youtube.com/watch?v=fI84ATvG_xw

"Don't make vulnerability reporters angry" is not high on anybody's list, it seems.

stephen-fox

@wdormann I feel like they watched your video / observed the YouTube URL and were like "oh two can play at this game".

@wdormann lol... sadly very pertinent here :(