This is a cartoonish level of evil by Microsoft blud
this post was submitted on 27 May 2026
858 points (99.2% liked)
Technology
84981 readers
3729 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
I wonder if the dude happened to find an internally documented backdoor intended for use by government actors? Or most likely they just don’t wanna deal with it and the perceived fastest way to deal with it is to try and bury it. Both could be true, but I’m just speculating.
Their april 15th blog post explicitly calls it a backdoor and mentions it was very well hidden. I'm interested to see what comes of this
Did you see the last post?
load more comments
(3 replies)
load more comments
(3 replies)
I'm no expert. Is this an issue where MS is refusing to pay bounties to the researcher for finding the bugs, and MS follows up by deleting the researcher's git hub? Am I missing anything? If I understand the basics, this is how you turn a white hat into a black hat. Good job microslop.
So the researcher has posted on their blog over the past few months some rants about Microsoft "destroying their life" and vowing to continue to post zero days in retaliation, and has been posting proof of concept code for these zero days to their GitHub.
From their rants (there's a couple of fresh ones including indication that tomorrow will be "one of the hardest days of their life" and that they'll post a big zero day on July 14th) it sounds like Microsoft deleted their account, revoked their access to the responsible disclosure portal and they've had some back and forth discussions in private that they're now making more public
Normally what happens is researchers report vulnerabilities via Microsoft's purpose-built bug bounty portal, and Microsoft can patch these vulnerabilities before they can be actively exploited, and researchers can pocket enough income to make a living entirely off of bug bounties. Obviously this all broke down in the case of this particular researcher so here we are
His blog posts share his side of the story, but Microsoft has not made any comments about what happened.
From March 26:
I never wanted to reopen a blog and a new github account to drop code...
But someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.
Then on April 15:
Normally, I would go through the process of begging them to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did and I'm not sure if I was the only who had this horride experience or few people did but I think most would just eat it and cut their losses but for me, they took away everything. They mopped the floor with me and pulled every childish game they could. It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision.
And one other thing, they do everything but support the research community, I won't disclose details but they sabotage people a lot. I mean just look at the past, Microsoft is the only major company who had a track of multiple vulnerabilities being publicly disclosed just because the researchers were soo upset by how MSRC treated them.
Unfortunately, the folks who have the capacity to stop those disclosures, not only don't care but also seems to push harder for worst exploits to be released, I didn't want to be evil but they are actively poking me to start releasing RCEs which I will be doing at some point...
I will personally make sure that it gets funnier every single time Microsoft releases a patch.
There was a comment on the first post that I feel like is pretty on point, though a bit arm chair psychologist:
You’re a smart guy. Maybe a savant. Just wondering if you’re BiPolar (like me) and see a different reality than what is real. Been there.
The way the system autodeletes the exploit trigger makes it sound like it was less a bug and more a backdoor.
I don’t think we know enough information to say what the root cause is, but this is definitely not the way to go about anything on the M$ side.
This is extremely unfair to MicroSlop.
The saga has drawn speculation from other experts, like William Dormann from Tharros, who said that "MSRC used to be quite excellent to work with. But to save money, Microsoft fired the skilled people, leaving flowchart followers. I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now."
. . . In this day and age, when AI-powered security research has arguably made the standard 90-day disclosure-to-patch window completely obsolete, and both time-until-exploit and unused exploits are both nearing zero, Microsoft and other software players would do well to adjust their policies.
That's such an insane aside. 90-day disclosure-to-patch. Craziness.
On the other hand, this is exactly the way microsoft has been for - easily - 30 years. Like, 1996 microsoft could be slotted into today and literally nothing would change. Other than Nadella would probably be on a bunch of coke.
Microslop C-Suite boomers really are dumb af
Too bad there aren't any GitHub alternatives for them to post future exploits on.
load more comments
(3 replies)