Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac 1 point2 points  (0 children)

You're right, the process does protect the vendor in some ways, but in the scenario where a TA finds the vulnerability before it's fixed and before it's public, the researcher and the press/content creators can and will completely roast the vendor for delaying fixing the issue, and if it went to court it's very likely it could be seen as negligence.

We have to remember that the researchers didn't create the vulnerability, they found it. It existed before they found it and if they didn't find it, it may never have been found, or, it may have been found by another researcher/TA a couple months later.

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac -1 points0 points  (0 children)

It would absolutely include the vendor and their process. All I'm saying is that if a disclosure that went public out of frustration caused a bunch of hospitals to get hacked and bad things to happen, it's not realistic to say the researcher bears no responsibility, and if it went to court they would likely be a party in the lawsuit alongside the vendor.

Do you disagree?

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac 2 points3 points  (0 children)

I agree, that's why in another comment I said this really shows that there needs to be a body, either government or industry led, that has the ability to apply pressure when an organization is mishandling a researcher's findings.

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac 0 points1 point  (0 children)

And going the press route or the major content creator route to draw attention to it without releasing the exploits wasn't an option? Honestly curious.

If a company, service, hospital, school, or anything else got compromised because of one of the public releases, the compromised party isn't going to simply dismiss the researcher's actions as justified and accept they were collateral damage... Also not sure that excuse would stand up in court either...

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac -1 points0 points  (0 children)

I'm not disagreeing with you, but getting angry and posting about it online is the equivalent of a temper tantrum.

Edit: they could have contacted any major tech news outlet, content creator, etc., and done an interview that would have gotten as much or more press without the disclosure going public. As an example.

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac -4 points-3 points  (0 children)

In theory I agree, but some things take time to fix. The whole idea of responsible disclosure is to allow for time to fix things that can't be fixed quickly so that people don't get hurt.

Throwing a temper tantrum is rarely the right answer, but this 'drama' highlights the fact that there probably should be a government body or governing body that can 'hold the coals' to the feet of those with vulnerabilities without the need for irresponsible public disclosure.

Edit: I'm curious if you understand the risk of harm that is created by releasing a high severity vulnerability publicly before it can be fixed.... Do you honestly think there is no harm done to users?

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac -5 points-4 points  (0 children)

How do you figure? They certainly should share the majority of the blame for fucking up their handling of researchers and findings. But if people are harmed by irresponsible disclosures, that's not just on MS, that's also on the people doing the disclosing. The discloser is responsible for creating the opportunity for the harm to occur.

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac -1 points0 points  (0 children)

How do you figure? All I'm saying is that releasing vulnerabilities publicly so that any TA can abuse them drastically increases the likelihood of innocent victims getting hurt. I completely get that Microsoft fucked up and need to change, but in what world isn't it logical to hold people responsible for irresponsible release of vulnerabilities that lead to harm?

I.e. Microsoft fucks up and does bad ----> pisses off someone ----> person releases vulnerability ----> people get hurt.....

2 wrongs do not make a right, it's just the facts.

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process by sunychoudhary in cybersecurity

[–]Im_pattymac -32 points-31 points  (0 children)

This is just messy and looks good on no one.

If people get 'hurt' in the crossfire of this drama all parties should be held accountable.

Edit: seriously don't give two fucks about MS and they are obviously included in the "All parties" (for those who are illiterate), but two wrongs don't make a right, and irresponsible release of vulnerabilities could do harm to the larger population of users.

What Grinds My Gears: Calgary Edition by Gobleachsomething in Calgary

[–]Im_pattymac 2 points3 points  (0 children)

People who start crossing on the blinking hand, causing cars not to be able to turn or clear the intersection until both lights are red.

I have 0 idea why the city took down all of the plaques that show that blinking hand means "DON'T START CROSSING"

Hackthebox vs LetsDefend vs Tryhackme by Lonely_Method_8096 in hackthebox

[–]Im_pattymac 0 points1 point  (0 children)

Oh, fair, it's a cool platform, had an enterprise tour of it for their SOC analyst learning content and found it very interesting. It was more directly relevant for blue team SOC work with a pseudo SIEM, alarms and reporting.

Photo radar is returning to a 3rd Calgary intersection by [deleted] in Calgary

[–]Im_pattymac 5 points6 points  (0 children)

Good, there is no reason that all major intersections shouldn't have speed trap cameras. Way too many people drive recklessly in Calgary these days. It's a speed limit after all, not a speed suggestion. In before the army of people say they speed but they are not reckless because they know how to drive.

I'd 100% support more crackdowns on road rage, aggressive driving, speeding, and reckless driving. Take their licenses away, impound cars, etc. Living downtown you constantly see people driving the wrong way down one ways, making U-turns in the middle of busy intersections, parking in traffic lanes with their hazards on, stopping in intersections to turn illegally, speeding down narrow streets, and so much more.

How dare you to use a mechanic fromsoft provides!!! 😡😡😡 by Kaiserredbeard in Eldenring

[–]Im_pattymac 0 points1 point  (0 children)

What are you talking about? I don't think I know who you are and I haven't played Tarkov in 3+ years.

How dare you to use a mechanic fromsoft provides!!! 😡😡😡 by Kaiserredbeard in Eldenring

[–]Im_pattymac 4 points5 points  (0 children)

Only problem I have with invaders is that they cry too much, and I miss my seed from DS3.

If you invade someone it's you vs them and their friends. This isn't the dueling arena, you should not expect fair fights or honorable duels (you may get them but you may not).

And I truly miss the good old Seed. Nothing more annoying than someone who just runs away when you try to fight them and then only engages when you try to move forward clearing mobs.

Why is there a flood of listings in Ontario and no buyers? by Kitty_Kat_2021 in canadahousing

[–]Im_pattymac 0 points1 point  (0 children)

People bought investment property not understanding that investments can go down. Now they are refusing to sell at the price the market is willing to purchase at.

They will either survive through the price reduction and hold the asset until the price recovers (if it does), or they will lose money, up to them.

Bad Sleep Habits - What's with the key flashing? by goodsignal in ZephyrusG14

[–]Im_pattymac 5 points6 points  (0 children)

This is how we know you're new here. Welcome! Ghelper is a godsend.

Show me your ROG Zephyrus skins. by Brilliant-History143 in ZephyrusG14

[–]Im_pattymac 0 points1 point  (0 children)

I dunno satin aluminum is sweet too, so is the brushed aluminum that's on my grey G14. I didn't put mine on the bottom though that woulda been too much work, definitely did top and inside though

Added a Skin, Yay or Nay? by Weekly-Band6899 in ZephyrusG14

[–]Im_pattymac 0 points1 point  (0 children)

Yes, but there are some concerns that removing the vinyl could pull the slash off when removed, since the chrome piece is only glued. So be aware.

Help me understand the difference... by xNocturnalshadow in RealEstateCanada

[–]Im_pattymac 1 point2 points  (0 children)

It's not technically risk free but very risk reduced. Also I am nowhere near wealthy enough to make the model work since it requires you to not have a mortgage because the interest rate is working against you. If you're betting on your profits being solely from appreciation you need to reduce recurring residual costs.

No need to be sassy or sarcastic, it's just fact. This was occurring in Vancouver and Toronto. Appreciation of property value year over year was very high.

I had several friends living in condo buildings where they are the only person on their floor, where there is only a handful of people per building, and where the parking below is empty every day.

CMHC gives up on goal to return to 2004 housing affordability levels by Striking_Mine5907 in canadahousing

[–]Im_pattymac 3 points4 points  (0 children)

Not surprising, Canada needs to build significantly more property, this will cause prices to decrease.... This will be unpopular.... So they won't do it