this post was submitted on 19 Jul 2024
1264 points (99.5% liked)

Programmer Humor

19623 readers
88 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Solemarc 17 points 4 months ago (5 children)

Maybe this is a case of hindsight being 20/20 but wouldn't they have caught this if they tried pushing the file to a test machine first?

[โ€“] undu 6 points 4 months ago

It's a sequence of problems that lead to this:

  • The kernel driver should have parsed the update, or at a minimum it should have validated a signature, before trying to load it.
  • There should not have been a mechanism to bypass Microsoft's certification.
  • Microsoft should never have certified and signed a kernel driver that loads code without any kind signature verification, probably not at all.

Many people say Microsoft are not at fault here, but I believe they share the blame, they are responsible when they actually certify the kernel drivers that get shipped to customers.

load more comments (4 replies)