Microsoft "confirmed Tuesday that its validation procedure had been manipulated to digitally sign dozens of pieces of software."
Microsoft, Adobe, these firms have autoupdaters, installed on so many of our machines, that will run without question code signed by the mothership.
That's bad enough. How much should you trust Microsoft, both its intentions and internal security?
It's absolutely terrifying that hostile third parties have managed it. https://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/
ht @GossiTheDog