> Security experts like Mike Kuketz think that most probably we need to consider all Microsoft systems that are using their cloud authentication including all Windows hosts are compromised.
This is a giant claim.
It does seem theoretically possible that a stolen signing key could have been used as part of a bigger attack to access critical services like Windows Update or the Azure control plane, but it does feel like someone would have noticed that kind of systemic compromise.
This is a giant claim.
It does seem theoretically possible that a stolen signing key could have been used as part of a bigger attack to access critical services like Windows Update or the Azure control plane, but it does feel like someone would have noticed that kind of systemic compromise.