Success!!! Found all the burnt out ones. Every year I find burnt out ones

@GossiTheDog and I have a suitcase on my search

@nathanmcnulty can you pop me your email address to [email protected] ?

So https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715 is only vulnerable on M365 apps for enterprise and no other sku?

@malwaretech it’s all about eyeballs

https://support.microsoft.com/en-gb/topic/january-17-2023-update-for-office-2013-office-2010-and-office-2007-kb5021751-f4a23c1d-4d1f-44ba-a43a-7a5528afb4ea So I have questions. Now I know from past discussions that often what ends up in MU is not vetted by the Security side of Microsoft. But would the Microsoft of SDL/Security era vintage post 2003 version of Microsoft send out an update through Microsoft update doing a head count on old systems? Something that only goes out on MU, "doesn't install anything on your computer" but isn't transparent to customers of what is going on.

@GossiTheDog Given that vendors still have their "we just blew up your desktop and we're working on it" over on the bird place, I still do both. Twitter is the conspiracy theory headquarters, what just happened on a live TV show location, Mastodon is more calming, researched and ah the normal people are over here (which given that it's my new infosec social media space and it's MORE calming than the bird site tells you a lot doesn't it?)

@GossiTheDog So I have tinfoil/conspiracy theory questions: which location updates those defender defs? is there a testing/vetting process?