Microsoft’s implementation of elliptic curve signatures allowed attackers to generate private pairs for the public keys of any legitimate signer. This enabled spoofing of any HTTPS website or signed binary on affected versions of Windows. We wish Microsoft was as lenient when choosing the time of updates, as it was for choosing generator points!
recognize both excellence and incompetence in the field of information security