attestation program
About this tag
The attestation program tag on WindowsForum.com covers discussions about Microsoft's security attestation processes, particularly in relation to vulnerability disclosures and Azure Linux. A recent thread examines CVE-2024-3096, a PHP password verify bug, and how Microsoft's Security Response Center issued an attestation stating that Azure Linux includes the vulnerable library. The conversation explores the scope of this attestation and whether other Microsoft products might also be affected. This tag is relevant for IT professionals and security teams tracking Microsoft's attestation program and its implications for enterprise environments.
A subtle bug in PHP’s password verification logic — tracked as CVE‑2024‑3096 — let an attacker gain account access in a corner case: if a stored password hash begins with a NUL (0x00) byte, calling password_verify() with a blank password could return true. Microsoft’s Security Response Center...