MSRC Case 73997

[anthonyvdotbe]

Recently I reported a BSOD to the MSRC. As a final response, I received the following:

[...] A fix for this issue will be considered in a future version, however, MSRC has investigated this issue and concluded that this does not pose an immediate threat that requires urgent attention due to this being rated as a Moderate severity, Denial of Service. We do see areas of improvement where the engineering team may ship a fix. We have shared your report with the team responsible for maintaining the product or service. They will review for a potential fix and take appropriate action as needed to help keep customers protected.
At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.

There's a couple things here:

• while I understand the BSOD was rated as moderate severity w.r.t. security, I'd argue it's a critical issue in terms of UX (also because of how easy it is to trigger the BSOD)
• as I won't receive further updates from the MSRC, I'm opening this issue, so that I can at least get notified once it's been resolved

[Biswa96]

From my past experience, the only thing that triggers security people is privilege escalation 😔