nyanbinary (unvalued goose)May 20

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584

One job. You had one job.

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

Security Update Guide - Microsoft Security Response Center

Show threadCat 🐈🥗 (D.Burch) May 20
@nyanbinary I'm sure they learned their lesson and won't let it ever happen again! 
Show threadrk: it’s hyphen-minus actually

@catsalad @nyanbinary

Was it Defender that would execute JS without a sandbox and was trivially exploitable like…a few years ago? I think that was them.

May 20 at 10:14pmWeb
Show threadHovav ShachamMay 21

@rk @catsalad @nyanbinary Yup, in 2017. @natashenka had a PoC that fit in a tweet.

[https://project-zero.issues.chromium.org/42450276]

Project Zero