cR0w on Nostr: Microsoft is aware of a security feature bypass vulnerability in Windows publicly ...
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
I know people here probably don't want to rehash the disclosure discussion for the 683,547,329th time, but fuck Microsoft and this passive aggressive bullshit trying to frame their own interests as "best practices" in a vuln mitigation publication. Your shit is getting torn apart. Act like you've been there before because we all know you have.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585Published at
2026-05-20 13:29:02 UTCEvent JSON
{
"id": "063850db3a9c7fd6b5ec68a3a06ac8124cbae10f2dd38439158722830672cdc1",
"pubkey": "14609e2d429cc6b47de05d41a9840716e4d2e0bec59e8bbf79ad79dd7c5def64",
"created_at": 1779283742,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/cR0w/statuses/116607139357741122",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.ditto.pub"
]
],
"content": "\n\nMicrosoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \"YellowKey\". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\n\nI know people here probably don't want to rehash the disclosure discussion for the 683,547,329th time, but fuck Microsoft and this passive aggressive bullshit trying to frame their own interests as \"best practices\" in a vuln mitigation publication. Your shit is getting torn apart. Act like you've been there before because we all know you have.\n\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585",
"sig": "b8397f4ab0a15b9d5b0ecc1a3f4f7eb26b5299a43e3e2c5d5b634e7acf89ae9f492d93a8efc82bb58294d58279918839c999bd74dcb3e6f2af88c9d753dd6d94"
}
