That said, this analysis highlights the risks of publishing even seemingly minimal information about vulnerabilities, so we encourage researchers to avoid doing this ?
Every crash is potentially a vulnerability. What if you’re not a security researcher? Never publicly discuss crashes?
Evidently Microsoft already had received automatic crash reports pointing at this code. Yet, they only went to investigate it because of the public tweet.
Good story, with one questionable bit:
Every crash is potentially a vulnerability. What if you’re not a security researcher? Never publicly discuss crashes?
Evidently Microsoft already had received automatic crash reports pointing at this code. Yet, they only went to investigate it because of the public tweet.