Microsoft's stance on zero day exploits is a dumpster fire of their own making (opens in new tab)

(doublepulsar.com)

77 points_tk_24d ago32 comments

32 comments

21 comments · 6 top-level

JumpCrisscross24d ago· 7 in thread

> Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?

Publicly publishing an exploit is so obviously First Amendment-protected activity that it’s almost tempting to want a test case.

avaer24d ago

It's also quite the blame gymnastics. The code that enables the bad actors was written, published, and distributed at massive scale by Microsoft. The "crime" they are accusing the researcher of is telling the world about it.

It would be an interesting case if the defendant had good representation.

rurban22d ago

The interesting case seen to be that the researcher apparently got laid off recently by this MS team, and thus has a 6 month NDA. Apparently he still tried to get bug bounties from inside knowledge of these criminal backdoors. That's what is being talked about behind.

A true popcorn case if this would go to court. Would cause lot of governments to think about their backend choices.

bigfatkitten24d ago

I’d love to see Microsoft try it on. The defence witnesses in any such trial are going to show up holding all kinds of receipts that Microsoft would prefer didn’t see the light of day.

1970-01-0124d ago

Straight to jail for you, citizen. Distribution of 0day for lulz has been criminal since 2022. You're free to try and get away with it under any and all amendments. IANAL!

https://krebsonsecurity.com/2022/06/what-counts-as-good-fait...

JumpCrisscross24d ago

> Distribution of 0day for lulz has been criminal since 2022

Skimmed the article. Not seeing it support your claim.

1 more reply

gremlinunderway24d ago

Re-read the beginning of the First Amendment, because it's such a common mistake that I'm surprised people still make it:

"Congress shall make no laws ... "

The first amendment bars the *government* from infringing on your free speech. It has zero standing or bearing on private citizens or corporations.

Which is why people crowing about it on social media or universities are completely oblivious to the fact that these organizations have absolutely zero responsibility to enable your free speech.

avaer24d ago

Microsoft's blog is calling this criminal activity. They are threatening to bring in the government to go after this speech.

This is a first amendment issue.

1970-01-0124d ago· 4 in thread

>Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?

This is what happens when you jump the gun and publish without doing any research. The author needs to lookup how the CFAA works. Now, yesterday, and a decade ago, you couldn't just drop some exploit and walk away rambling about your rights. Dumpster fire takes are everywhere online.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#C...

bigfatkitten24d ago

Notice how the blog post is attributed to “MSRC Team”. The author (or their manager) is too cowardly to put their own name to the piece.

angry_octet24d ago

You're referring to completely tangential cases.

Maybe you should look up who the author is.

keepupnow24d ago

Have respect for the researcher, they are incredibly talented and generous.

1970-01-0123d ago

A bad take is a bad take.

h4kunamata24d ago· 2 in thread

Since Microsoft took over GitHub, everything went to shit.

GitHub, dead!

Windows, dead!

Xbox, dead!

Now security analysts blacklisted for disclosuring vulnerabilities.

Wait until the big players decide to ditch Microsoft altogether, I mean, why help when you are penalized for it??

With Microsoft doing so many things wrong, and users migrating to Linux because even Windows softwares have become evil, and security analysts jumping ship, let me tell ya, Copilot or even Mythos won't save you. AI is as good as the data it was trained on while humans adapt on the fly.

h4kunamata24d ago

EDIT: This security analysts promised to release something big on July 14, 2026

Boy oh boy, Microsoft started a war they cannot afford to loose, and yet they already lost.

justinclift23d ago

It's crazy MS are doing this after the US Gov people publicly lambasted them (ie https://www.inc.com/kit-eaton/why-a-former-white-house-cyber...), with MS then promising to make security a core thing at MS to fix the problem.

This isn't "fixing the problem" at all. It's the opposite of fixing the problem.

1 more reply

snickerbockers24d ago· 2 in thread

Those are some very bold legal threats considering their founder is an epstein associate.

1970-01-0124d ago

Considering Bill hasn't been Microsoft CEO for only 2.6 decades, these things are probably directly related.

keepupnow24d ago

Bill is still pulling the strings.

angry_octet24d ago

If you can't win the game, don't play by the rules.

TacticalCoder24d ago

> Microsoft's stance on zero day exploits is a dumpster fire of their own making

The words "'s stance on zero day exploits" are unnecessary in the above sentence.

j / k navigate · click thread line to collapse

32 comments

21 comments · 6 top-level

JumpCrisscross24d ago· 7 in thread

> Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?

Publicly publishing an exploit is so obviously First Amendment-protected activity that it’s almost tempting to want a test case.

avaer24d ago

It would be an interesting case if the defendant had good representation.

rurban22d ago

A true popcorn case if this would go to court. Would cause lot of governments to think about their backend choices.

bigfatkitten24d ago

I’d love to see Microsoft try it on. The defence witnesses in any such trial are going to show up holding all kinds of receipts that Microsoft would prefer didn’t see the light of day.

1970-01-0124d ago

Straight to jail for you, citizen. Distribution of 0day for lulz has been criminal since 2022. You're free to try and get away with it under any and all amendments. IANAL!

https://krebsonsecurity.com/2022/06/what-counts-as-good-fait...

JumpCrisscross24d ago

> Distribution of 0day for lulz has been criminal since 2022

Skimmed the article. Not seeing it support your claim.

1 more reply

gremlinunderway24d ago

Re-read the beginning of the First Amendment, because it's such a common mistake that I'm surprised people still make it:

"Congress shall make no laws ... "

The first amendment bars the *government* from infringing on your free speech. It has zero standing or bearing on private citizens or corporations.

Which is why people crowing about it on social media or universities are completely oblivious to the fact that these organizations have absolutely zero responsibility to enable your free speech.

avaer24d ago

Microsoft's blog is calling this criminal activity. They are threatening to bring in the government to go after this speech.

This is a first amendment issue.

1970-01-0124d ago· 4 in thread

>Hang on.. proof of concept exploit creation and distribution for zero days is “criminal activity” now?

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#C...

bigfatkitten24d ago

Notice how the blog post is attributed to “MSRC Team”. The author (or their manager) is too cowardly to put their own name to the piece.

angry_octet24d ago

You're referring to completely tangential cases.

Maybe you should look up who the author is.

keepupnow24d ago

Have respect for the researcher, they are incredibly talented and generous.

1970-01-0123d ago

A bad take is a bad take.

h4kunamata24d ago· 2 in thread

Since Microsoft took over GitHub, everything went to shit.

GitHub, dead!

Windows, dead!

Xbox, dead!

Now security analysts blacklisted for disclosuring vulnerabilities.

Wait until the big players decide to ditch Microsoft altogether, I mean, why help when you are penalized for it??

h4kunamata24d ago

EDIT: This security analysts promised to release something big on July 14, 2026

Boy oh boy, Microsoft started a war they cannot afford to loose, and yet they already lost.

justinclift23d ago

This isn't "fixing the problem" at all. It's the opposite of fixing the problem.

1 more reply

snickerbockers24d ago· 2 in thread

Those are some very bold legal threats considering their founder is an epstein associate.

1970-01-0124d ago

Considering Bill hasn't been Microsoft CEO for only 2.6 decades, these things are probably directly related.

keepupnow24d ago

Bill is still pulling the strings.

angry_octet24d ago

If you can't win the game, don't play by the rules.

TacticalCoder24d ago

> Microsoft's stance on zero day exploits is a dumpster fire of their own making

The words "'s stance on zero day exploits" are unnecessary in the above sentence.

j / k navigate · click thread line to collapse