Ten times shorter just means "readable without losing an excess of time on ramble" and I feel like someone's comeback to this will be "you should ask an AI to summarise".
The researcher's own statements note that the zero days were not found with AI.
And honestly I think that's the part that Microsoft is most upset about, because every internal partner conversation I've had has been about needing to buy Security Copilot because all the advanced attacks are coming from AI, and just suggesting vulnerabilities existed before AI seems to make salespeople uncomfortable continuing the conversation.
The problem with all these permissions ideas: VSCode in most cases is expected to be able to push to a git repo. Many developers these days use it over the CLI for pushes and pulls.
So if it has a "minimal" set of access, it has access to a GitHub key. That's enough... to do this sort of damage.
Note that despite being named here as "Azure Linux" and being described as a "General purpose Linux OS for Azure", once you go to the product documentation it's referred to as "Microsoft Azure Linux Container Host for AKS", and the Quickstart guide is about how to deploy a Kubernetes cluster. It doesn't seem very capable of general use.
The docs aren't set to be updated until after the "official" announcement at Build in a couple weeks, but this is a good call-out. We'll see about getting this updated to clarify.
To date, its only external exposure was as a container host for AKS. This announcement is about also offering it as a general-purpose OS for VMs in Azure. The public preview will come in a few weeks, at which point you'll see documentation showing how to use it in that capacity.
Source: I lead the AKS and Azure Linux PM teams at Microsoft.
I work at a university and we still have some workstations that need IE as well, for a healthcare vendor app that needs ActiveX. Up until recently we even had some machines running Windows 7.
I guess I would say you're fortunate to have not worked in a "we cannot use github.com because we take security very seriously" environment. Because that always tells me you'll be running an on-prem product that might get updated once a year.
On prem beats the heck out of GitHub post Microsoft though... At least you know how to get it working again when someone breaks it. These days with GitHub you expect a weekly 500, a rainbow unicorn error, build failures due to unavailable errors, etc. Last I checked the third party tracker GitHub services were barely pushing one 9 of reliability.
Yes, this is what I'm confused about. They described it as a parking domain, but the old strategy of "buy a popular domain and put ads on a one pager" hasn't been something that pays substantively for a long time. Ad sales have plummeted in general but not being able to use AdSense would make it worse.
The first example I looked at was haute-sorne.ch, which is reported by this tool as "Self hosted/other". Whilst it's true that they appear to self host, https://mails.haute-sorne.ch will land you on a Microsoft Exchange server, patch level 15.2.1748.39.
This is better than typical, being an October 2025 patch. But that leaves open CVE-2025-64667, CVE-2025-64666 and CVE-2026-21527. Which are vulnerabilities with patches out going back months.
Now are these RCEs? No, but this was also the first example I looked at.