I only know about CVE-2013-3900 (WinVerifyTrust) which allows modified files to pass signature check unless you tweak registry to enable patches.

I think there must be other instances like this where Microsoft won’t fix vulnerability or chooses insecure defaults, is there a list?

  • tcely@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    A fair number of vulnerabilities exist where a patch or mitigation exists, but hasn’t been widely applied for various reasons.