https://cybersec.xmcyber.com/s/exposures-exposed-weekly-round-up-april-8-april-14-13911

Microsoft released security updates for April 2024 addressing a record 149 vulnerabilities, including two actively exploited in the wild!

TC:200k #msft #amazon #ama #meme #tc #workmeme #workmemes #aapl #meta

It's the price of success. If you are a hacker you are going to attack the biggest target. Better chance you will get a return.
There is a big political push to be the one implementing new services and products. This is why they are implemented by mediocres and need lots of rework.
Backwards compatibility
MS is born with defects and cannot afford to hire good quality engineers
They create a few and they keep their solutions ready. The impact is measured by how many they resolve, for that introduce a few bugs with already low quality coding, it gets to a bigger number. (source: I was there)
They certainly don’t -find- all their exploits. I’d guess it’s a combination of:
- Security researchers / bug bounty hunters inform them of vulnerabilities
- they have an active exploit they become aware of, and fix that
- updating open source libraries. libpng fixed 3 things? Bump version and ship it and your patch now has 3 security fixes.

Why so many? C/C++, basically, and not enough tools or knowledge (at the time, like when the kernel was initially written) to prevent them, I’d assume. Throw in some 30 or so years of tech debt and you have a large surface area for attacks.
There's no way there's that many every month, sometimes I feel it's overinflated…