1. 4
  1.  

  2. 1

    Good story, with one questionable bit:

    That said, this analysis highlights the risks of publishing even seemingly minimal information about vulnerabilities, so we encourage researchers to avoid doing this ?

    Every crash is potentially a vulnerability. What if you’re not a security researcher? Never publicly discuss crashes?

    Evidently Microsoft already had received automatic crash reports pointing at this code. Yet, they only went to investigate it because of the public tweet.