RE: https://infosec.exchange/@wdormann/116755475429413960
The CVE cabal letting the foxes run the henhouses (i.e., vendors being CNAs) has had and will continue to have real, tangible, negative consequences.
But, lol nothing matters, right? EPSS will save us! #notIfThereAreNoCVEs
hrbrmstr 🇺🇦 🇬🇱 🇨🇦
I just realized that I'm personally "credited" in April's Microsoft Patch Tuesday with a CVE-less "Defense-in-depth" update.
The vulnerability?
CAB files downloaded from the internet do not write the MotW for files extracted from them.
I reported this to […]
[Original post on infosec.exchange]