[HN Gopher] Microsoft Patches Six Zero-Day Security Holes
___________________________________________________________________
Microsoft Patches Six Zero-Day Security Holes
Author : parsecs
Score : 86 points
Date : 2021-06-08 20:55 UTC (2 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| joenathanone wrote:
| Do the Microsoft links not work for anyone else too? I get a
| "Something went wrong" error on all the links. Would like to read
| more about specific vulns.
| paulpauper wrote:
| which probably means there are many more unreported and being
| used ,such as by FBI. you wonder how purportedly unhackable btc
| wallets get hacked? Now you know. these agencies have huge trove
| of exploits for all OS and browsers
| [deleted]
| afrcnc wrote:
| Wow... patch tuesday analysis from a reporter who doesn't know
| how virus total works
| https://twitter.com/silascutler/status/1383085248381128715
| underscore_ku wrote:
| just use use linux...
| scoofy wrote:
| uhh... there are zero-days in linux distros
| __turbobrew__ wrote:
| Just use templeOS...
| maxrev17 wrote:
| Adding local weather to my task bar but unable to fix display
| scaling issues and leaving tonnes of zero days.... Lolz
| joeyrobert wrote:
| Yeah, let's get that weather app engineer working on NTFS
| privilege flaws.
| spand wrote:
| What a silly straw man. Engineers may not be fungible but
| funding is.
| tux3 wrote:
| And why not :)
|
| People have different preferences for what they like to work
| on, but you seem to be implying the weather app engineers are
| incapable of doing that work. Like they're some kind of lower
| caste that must be kept away from working on security
| mitigations for filesystem drivers.
|
| I don't believe there's some category of human that's capable
| of shipping Windows 10 feature apps, and only that. People
| can move internally! People can leave and other people can be
| hired. It's all priorities and task allocation.
|
| The impression I get (and please correct me) is not really
| that there's an oversupply of news feed app builders on the
| market, but that the Windows team at Microsoft has been
| shifting to more user-facing features rather than internal
| deep kernel work.
| coolspot wrote:
| There are many engineers who do super-boring stuff as main
| work, working on mind-bogglingly hard problems afterhours.
|
| Also that weather-widget engineer could do some basic tasks
| offloading more experienced engineer, who would offload even
| more experienced engineer until that chain of offloading
| makes enough time for NTFS-ninja to hunt down and fix that
| bug or write a fuzzer that finds new zero-days.
| maxrev17 wrote:
| Haha yeah... I think it shows where their overall focus is
| placed.
| waynesonfire wrote:
| absolutely. and if there is a skill gap then train them so
| they can.
| KMnO4 wrote:
| Training isn't some magical way to transform an engineer
| with a skill set into one with a different skillset.
|
| I don't think it'd be possible to train the React dev in
| kernel programming unless they had a serious interest in
| low level stuff to start with.
| chaimanmeow wrote:
| giving open sores a run for the money!
| waynesonfire wrote:
| are these the six zero days that were used to get those bit coins
| back?
___________________________________________________________________
(page generated 2021-06-08 23:00 UTC)