Microsoft is one of the biggest software companies; this is widely known. What is not widely known is that there are parts that are vulnerable by design. The recent PrintNightmare vulnerabilities include one that could be easily triggered with little or no user interaction except to install an automatically loaded printer driver. This was brought up to Microsoft, and they said this was a design feature, not a bug, and would not be fixed. As Steve Gibson points out, the ProxyLogon Exchange takeover bugs and now another printing subsystem bug were known for more than 4 months EACH. The Exchange bugs were not fixed until their own customers got hammered; then Microsoft had a fix out in a few weeks. Steve says it all in the linked podcast clip I have included below.

 
