Oddbean new post about login | logout @481e848e What is not clear is why Teams was not patched for 5217. This is a weirder vuln, regarding vp8 encoding, not decoding. Even so, I'd like an explanation as to why Teams is not vulnerable.
@663e5b60 Interesting, just looked into this further in Microsoft's own guidance here: https://msrc.microsoft.com/blog/2023/10/microsofts-response-to-open-source-vulnerabilities-cve-2023-4863-and-cve-2023-5217/ It does indeed list Edge as the only product patched, maybe Microsoft uses their own VP codec for their video conferencing products & not the open source libvpx codec?