A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting a silent fix. […]
maybe we should just go back to posting the exploits publicly with zero warning. fuck em.
While that would hurt end users more than the customers themselves, it might eventually teach those upstream a valuable lesson.