GNU social JP
Conversation

Notices

  1. Mr. Bitterness (wdormann@infosec.exchange)'s status on Thursday, 13-Mar-2025 21:28:45 JST

    Me to MSRC: Words clearly describing a vulnerability, with supporting screenshots of the commands I typed and the response that Windows gives.

    MSRC: Can you please provide a video showing the behavior you are seeing?

    Me: ...

    I get that people doing grunt work have mostly-fixed workflows that they go through with common next steps.
    But to request a video that now captures (beyond my already-submitted screenshots) the act of me typing, and the Windows response being painted on the screen adds what of value now?

    • Mr. Bitterness (wdormann@infosec.exchange)'s status on Thursday, 13-Mar-2025 21:28:45 JST

      MSRC to me just now:

      As requested, please provide clear video POC (proof of concept) on how the said vulnerability is being exploited? We are unable to make any progress without that. It will be highly appreciated.

      Time to make a 10-minute-long video of me pressing enter in CMD.EXE...

    • Mr. Bitterness (wdormann@infosec.exchange)'s status on Thursday, 13-Mar-2025 22:49:36 JST

      I get it that kids these days can't comprehend anything that doesn't live in TikTok. But for MSRC to not accept a clearly worded vulnerability report that doesn't have an associated video with it...

      Fine. You want compliance? (Malicious) compliance is what you'll get.
      https://www.youtube.com/watch?v=fI84ATvG_xw

      Attachments

      1. PoC Video for MSRC
        from Anonymous Tablet
    • Mr. Bitterness (wdormann@infosec.exchange)'s status on Tuesday, 18-Mar-2025 02:03:38 JST

      "Don't make vulnerability reporters angry" is not high on anybody's list, it seems.

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/156/029/526/823/916/original/d2e895ff72a62cd7.png
    • Mr. Bitterness (wdormann@infosec.exchange)'s status on Tuesday, 18-Mar-2025 02:03:38 JST

      I simply cannot. even.

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/178/766/181/766/078/original/1047de8779948153.png
    • Mr. Bitterness (wdormann@infosec.exchange)'s status on Tuesday, 18-Mar-2025 02:03:39 JST

      Great job, folks.

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/155/905/911/658/501/original/7ce3d1640f1c9d00.png
    • http :verified: (http@infosec.exchange)'s status on Tuesday, 18-Mar-2025 08:19:08 JST
      • Kevin Beaumont

      @GossiTheDog @wdormann paid support is definitively outsourced. Not sure about security bug triaging, but probably the same.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.