Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation. Senior principal vulnerability analyst Will Dormann said last week he contacted Microsoft Security Response Center (MSRC) with a clear …
You beat me to it with your most obvious must-be-first comment. I planned to say "youtube", public video, full description science-professor-style, with all links directly to the exploit "as requested by the Microsoft Security Response Center employees X and Y, as you can read here in their responses."
clear evidence that the MSRC handler didn't bother actually reading what I submitted
That's pretty much par for the course for any support request to Microsoft. They skim-read the comment, pick out a few isolated words, and then copy&paste an irrelevant response asking you to try all the obvious things that you've already done. Then they ask you to upvote them for being helpful.
I think at this point I wouldn't mind the outsourced support to be further outsourced to an AI bot. Honestly, just train it on the scripts you give the support team, and give it access to the internal knowledgebase. At least you'll get quick, prompt replies, even if you'll also get about the same percent chance of getting your issue solved.
I once submitted a support ticket of "I know how to do this in outlook for windows, I know how to do this on OWA, I know how to do this in the old outlook for Mac, but I can not find the option in the new outlook for Mac". I got a call from someone who asked me to share my screen with him, followed by a very confused "umm, there is no ribbon?". In other words he had never as much as seen a screenshot of the program before, and was planning on giving me the windows instructions.
An AI with access to their knowledge base would presumably have responded to the initial ticket with the information that the functionality does not exist in the new outlook for Mac.
An AI WITHOUT access to their knowledge base would have figured out from my ticket that the windows instructions weren't going to bloody well work...
I'm not too upset with people that prefer to follow along with video tutorials or troubleshooting, but I definitely prefer a written article I can follow and digest at my own speed; The fact that since "Pivot to Video" was a thing, that's the first thing search engines throw up now is a first world annoyance I have to put up with.
Perhaps this bug has afflicted Microsoft.
BELLFRIAR Everyone who's been into deep space has had the Terran ague, or the three-day sweats as it's commonly known as. It's a sort of a mild infection, it slightly alters the body's nucleic structure, it seems to be a metabolic reaction to space travel. Well this new virus, Paratype 926, attacks those altered cells and acts as a catalyst, they burst and, well the effects are literally a series of explosions that race through the body's neural cell structure. The virus is easily cultured in human tissue or in nucleic acid solution. Now, here is the formula for the antiserum...
BLAKE [On Liberator] Dr. Bellfriar, are you saying that this virus is only effective against human beings who've been in deep space?
BELLFRIAR [In Laboratory] Precisely. It fits your theory. But I don't think that the virus was designed to destroy man, merely to confine him to his own planet. Now here is the formula.
BLAKE Go ahead.
BELLFRIAR H-N, H-N-O ... oh, My God!
BLAKE Dr. Bellfriar! Dr. Bellfriar!!
BELLFRIAR I've forgotten how to read. [looks at his hands, covered in blisters. He groans and covers his face]
Don't forget that they usually then say that it isn't something they can deal with, as the request has come through to $RandomDepartment unrelated to where you reported it, only for them to then pass it to a different, wrong, department. Repeat at least 3 times, until it circles back round to the original department. Each transfer taking 2 days to get a response from. Then eventually them saying it isn't a problem, its intended, and closing it without actually helping you.
I’m honestly only surprised they didn’t ask him to reboot and run sfc /scannow - that seems to be the unthinking copy-paste response to every single ticket raised on the Microsoft “support” forums.
Edit: oh, curse the way comments are threaded on the Reg. I finally, 5 minutes after posting this, read down the page to reach the point where it had appeared… only to see that the similarly-named David Austin, who is clearly smarter, faster, nicer-smelling and more attractive to prospective partners than I, beat me to it by a piffling 5 hours. Give him your upvote. I deserve nothing.
If you go to a vendor site for help with a problem they almost all have videos that they urge you to watch. A few years ago i set up a new desktop computer. the monitor screen was defective out of the box with a multi color line across the screen. i sent a picture of the problem to the help desk and they wanted to do a remote desktop to "see" the problem. Said "ok" and got the report back that they couldn't see any problems!
This reeks of Microsoft 365 Support Syndrome where, no matter how absolutely fucking crystal clearly I made the issue in the initial description, the technician will ALWAYS ask for a remote session, will ALWAYS ask for a phone call even though I specified I prefer email, and will ALWAYS be nigh fucking unintelligable when they do get on the phone. And when we go through the screen sharing merry-go-round and I show them exactly what the screenshots showed and do the exact same troubleshooting and debugging steps I ALREADY TOLD YOU I DID, you are still fucking surprised it doesn't work and have to "escalate the issue" because there's nothing after step four in your stupid fucking internal guide and the Microsoft docs doesn't have an answer for you to quote because I already looked just like I told you.
I'm sorry can you tell I'm fed up. Especially considering this support costs thousands of dollars.
Honestly I just started putting single sentences in my tickets because it's about as effective. I know I will be forced regardless to slowly re-explain my case to some bored dude from Zimbabwe that doesn't care I exist so why should I even bother.
"Especially considering this support costs thousands of dollars."
Wait, what? That sounds exactly like my experience, difference being i pay fuck all for support. That's egregious.
Let me guess, this call always takes place within the SLA timeframe, but the can they kicked down the road takes a while to be picked up?
It depends on your licensing model, which is itself an actual nightmare. I work in education and the choices they give you are all 3 letter acronyms and have changed completely at least four times in the past maybe 10 years, requiring new contract negotiations, new pricing, etc. Not to mention you have to wait for your reseller to even begin to understand the licensing changes too, and pray their license manager actually knows what they're doing and doesn't screw something up. This is aside of course Microsoft deprecating and now removing VLSC for end users, replacing it with the ugly and until very recently severely less functional Microsoft Admin licensing tab.
With the latest education model, I believe support is not bundled in to the subscription pricing and you have to pay for it. But unlike at $job[-2] I haven't seen the contract and can only regurgitate the rumors around the office, so take that with a grain of salt. I don't even know what they're calling it anymore, it used to be MSCA, then it became OVS+SA/OVS-ES, then EES, and then I think we moved to CASA+EES or something??? and who knows what it is now with the introduction of 365 into everything. Last I did any license management was before the Office 365 rebranding so I'm a bit out of date.
And yes, we have a SLA for initial contact only. Anything after that is ¯\_(ツ)_/¯
And the reason so many people give for not doing is that manglement insists on having support. You do realise, don't you, that there are a number of people who will sell Linux and other FOSS support services. The reason they continue to trade is that they give customer satisfaction. If they didn't they'd be out of business because they don't have a monopoly to prop them up.
You think that the suggestion was funny? Then why is this thread full of people pointing to Microsoft support and not quite managing to laugh?
You do realize, don't you, that I made no claims to anything and your entire post is assumption? That my post was sardonic in nature? Hinting at a deeper meaning? One that you yourself are sure to understand? That simply "not using Microsoft/Windows" is harder than it sounds, often because of said manglement?
Of course a large swathe of people (myself included) would switch off Microsoft immediately given the opportunity. But I, a grunt, do not have the authority to make such an opportunity, our students/staff/faculty do not know about/want to know Linux for workstation use, we are very embedded in Azure, we are financially constrained to continue on the path we're on, and overall there's a lot of pain that Microsoft is removing from our shoulders—even if they also generate a lot themselves.
Fact of the matter is, Microsoft owns the industry, and people want them. Maybe not many of us in technical positions, but certainly non-technical users, and definitely vendors that only provide software for Windows. Vendors of which our org is forced to use, with no alternative other than building everything ourselves. Which again, we are unable to stomach financially.
And for the record, my org runs Red Hat/Oracle where we can, and yes we do have support. Would love more of that.
Linux is Linux, I can make it do what I want with little trouble. Can't say the same about Windows Server. Your choice of distro is really up to personal preference and what vendorware you need to run, honestly.
I would rate Ubuntu worse on a technical level if you really want to split hairs. RHEL wouldn't be my first choice either honestly, but it's well-known and well-supported in the industry. And, again, it works.
You haven't worked in many places, then. Use those toes to count how many businesses within 10km of you use Microsoft products.
Congratulations if you've found employ at a place that doesn't, and that you had the courage/time/money/privilege to go find one in the first place. Not all of us are so lucky/financially stable.
No. It's because they provide solutions to problems. Maybe not well, and maybe with a whole laundry list of caveats, gotchas, asterisks, and daggers... But if you need something done, and you don't have the manpower, capital, or time, and industry leader Microsoft is willing to sign the devil's contract with you, while also providing "support"...
And it would be different if you were a new org, with the option of starting fresh. OpenLDAP instead of AD, authentik instead of Entra ID, Linux instead of Windows, there are plenty of options. But for an existing org, with decades upon decades of reliance on Microsoft, the number one deciding factor is "we are already a Microsoft shop".
Other reasons include compliance with governmental regulations making rolling your own a non-starter for a myriad of reasons, lack of talent in the industry with what is sure to be a very specialized and custom solution when you step out of (popular vendor here)-land, software and hardware vendors you may have no (financial) choice but to use not supporting anything but Windows... Desiring a support contract is but one item on a laundry list of potential questions an org has to answer to make their business work.
Yes, I am.
Put aside your blind hatred (yeah it's hard for me to as well) and hazard an unbiased guess at how many organizations rely on the big names, like AD for example. We all know AD sucks in uncountable ways, but not only can it do everything you need it to out of the box, it has decades of prior art behind it, and is largely pretty stable. Setting up a new domain controller is dead simple, and everything is a clicky GUI with clear descriptions. It doesn't require particularly special technical knowledge.
Would I prefer OpenLDAP, UCS, or hell even 389 (which I used to admin)? Hell yes I would. More control and freedom in implementation, less licensing costs, can run it on Linux, plaintext configs (well sometimes, slapd has OLC...). But what those solutions provide in poweruser goodness they lack in ease of use for the layperson.
AD/Entra ID, PeopleSoft, etc. Work in the industry for a little bit and you end up constantly seeing the usual names slinking around. Especially in education, which is my career. Basically every university uses AD on Windows Server, man. And it's not because it all universally sucks.
> but not only can it do everything you need it to out of the box
I'm not the original source of laughter, but this gave me a strong chuckle. :-)
Mostly it *constrains* you so hard you can't do anything that AD can't do "out of the box" -- and if you do need to do something that isn't in that box, you're typically SOL.
Example: It can't provide a token to a client authenticating them with credentials/services -- think JWT's. Oh, you meant "Active Directory can do everything that Active Directory can do, out of the box"? but that would be a straw-man argument. (Sure, AD can provide a kerberos identity token, but that's really not the same thing. JWT is more about signing grants, and you take that (token + data) with you, not [just] proving you are whom you are. AD can not do this. Other software might be able to make something happen, but AD can not do anything like this.)
Typically bugs, too, you're forced to find your own work-around. Usually they're documented online, but sometimes you're doing something kinda uncommon. Other times the solution is to get a wrapper for it that hopefully might be able to do what you need. (RADIUS -- not a bug, a wrapper for a need.) If you call up MS Support with a bug, and there is *any identified work-around*, then that bug is now a feature (that may change) and the proper way to do it is the work-around. Problem solution: there is no problem. That'll be $500. If your problem isn't fixed, then approach the problem with other tools and methods. Problem solution: there is no problem.
Then things change out from under your feet. Today's AD can't serve yester-year's servers, and while today's clients can *probably* authenticate to yester-year's AD (within reason of encryption schemes), it's mostly about a compatibility matrix. If you're not within it, then again, it's up to you to make things write. AD won't.
AD is primarily a real user identity service—it existed long before JWTs were floating along the neurons in its creator's brain... And honestly, I wouldn't be surprised if someone, somewhere already made that. Or that somewhere in the Microsoft tech stack, your desired feature already exists in some form or another.
No, I don't mean "Active Directory can do everything that Active Directory can do", and I was only using that as an example. The realm of built-in software you can provision on a fresh Windows Server device is massive, and AD is only one part of it. If you're a startup that needs basic identity management, install Windows server, tick a box, go through the wizard, and you're done. It's incredibly simple to get started, you can add hundreds of thousands of users with great performance, you have a slew of third party software at your disposal to bolt on to it, and it's basically LDAP under the hood so anything that speaks LDAP can also (generally) speak to AD.
Need certs? Tick the box that turns your server into a certificate authority, use a web-based interface to generate and dispense certs.
Need web server? IIS.
Etc etc.
Are each of these products best in class? Absolutely not. Once you have to administrate them for a while you'll find plenty of headaches. Everything you said is correct.
My point is the barrier to entry is very, very low, and the ecosystem is as wide as it is deep.
Think of it like buying into Apple. You don't just get an iThing for its iFeature, you get it because it gets you access to all the other iFeatures that Apple gives you, like Air Drop, iCloud, the built-in VPN thing, using your iPad as a secondary monitor wirelessly. All those features are a click away and require absolutely zero futzing around to use. That's why people are attracted to Microsoft.
(Even if after purchase you find out that, actually, there's a lot of futzing around to be had... that's neither here nor there though.)
Yes, AD and the rest don't do everything. I didn't insinuate that. But for the needs of the vast majority of companies, which is the implied demographic behind those that "need it", it's sufficient. None of it is nowhere near the best at what it does and there are plenty of better options. But you get a lot for the ecosystem you jump into.
Yes.
We know it's a steaming pile of "stuff", some written in house, some bought in and enshittified, held together with digital gaffa tape and covered with a good layer of lipstick. But, from a business PoV they have this whole stack - you sign one direct debit with MS and you get all this pile of stuff and it all sort-of works together. Never mind that none of the components might be the best available in isolation - the reality is that nobody has an alternative offering that offers a sort-of turnkey package with so much that sort-of works together.
Yes, there are individual components that are better. But thanks to MS's long game and shrewd (and even illegal as determined by courts) actions, they'd spent the last 2 or 3 decades systematically killing off any viable competition - and we (collectively as a large user base) have allowed that to happen. Some of us were warning about it 2 or 3 decades ago - but business leaders weren't interested in that long game, or just failed to grasp the significance.
The reality now is that it would need a large government sized organisation to have the resources to sponsor a project to compete - and unless the USA does something* to make what's gone on in the last couple of months seem like a small blip, there's not going to be the political will to do it. Yes, a private business could sit down and try to build a competing offering - but they'd have an uphill struggle persuading people to switch, while MS would be employing all the usual dirty tricks to break interoperability.
* In theory, one person could sign an order and have MS turn off European users. And regardless of any statements MS might make, they would have that ability.
I've mentioned this before, but even worse are the new automated, scripted phone-support systems. Not only can they drag you through stupid, tedious troubleshooting steps, explained in plodding, laborious lowest-common-denominator detail, but (to the extent possible) they're able to check whether you're following their directions. And if there's any sign you are not, you are in for a world of hurt.
Here's an example: The last few times I've had to call my cable company for support, their first line of defense is now a "TellMe"-style automated "support tech" that walks you through the process of restarting your cable modem. (I know, my eyes practically rolled out of my head, too.) Here's how that should go:
Now, that's the ideal scenario. But here's how it can go:
At that point I think I just hung up. The line came back to life a few hours later.
> Could you please restart your computer
Well..... no. :-)
I won't say that. "Sure, give me just a moment..." Usually the time required to find the Windows 95 startup sound is about right for the time required to perform an actual reboot. Play that for them, and they'll be content that you did, in fact, restart your computer.
This reeks of Microsoft 365 Support Syndrome ...
There you go.
Reads more accurately now.
In another life, eons ago (remember W95?) I had the idea that, costing what it did and being Microsoft, I'd get something useful from the person on the other side of the telephone line when I contacted tech support.
Guess again ...
This crap has been going on for decades and we are the only ones to blame.
Microsoft knows well enough by now that they can get away with this type of crap, act accordingly and ...
Guess what?.
They get away with it.
And it has nothing to do with where the tech support it located.
It is directly related to who they hire, their training and the wages they pay.
Or do you really think good tech support is only available in Europe, North America, etc.?
.
On specifically your last point: I do think culture makes the experience. Consider how hard it must be to hire good people, when the vast majority are held to a low standard and yet are still paid, and where leaving one company for another if you are held to a higher standard is easier done than said, because there are hundreds of them. So at that point, why should either the hiring agency or the employee care at all, especially when they keep getting massive amounts of business? This is the problem I have with call center exporters, and it just so happens the majority of them are stationed in countries with cheap labor.
And to answer the question in particular: No, I don't. But even if I can't get good tech support, I would sure love to be able to at least fully comprehend even one of the myriad of sentences being talked at me. I guess it's my fault for not speaking Punjabi.
But yes, ultimately, Microsoft is to blame for outsourcing all this and not hiring good people themselves. They surely have enough money to do so, but choose the lowest common denominator instead. And despite the cries of techies everywhere, orgs still keep buying Microsoft garbage and dealing with the problems that inevitably occur.
"But yes, ultimately, Microsoft is to blame for outsourcing all this and not hiring good people themselves."
This may seem like victim blaming but the ultimate blame should rest with those who not only continue putting up with it but continue buying from Microsoft and other enshittified suppliers. As long as it's a profitable way of doing business it will continue to happen.
Of course. They wouldn't do it if it didn't remain profitable. Whatever business they lose due to bad support is likely already so unreliant on their products—and as such not a large source of income—that they still end up saving money when factoring in the outsourcing. Meanwhile, companies with no real choice and those with no managerial desire to change continue to use MS products, deal with the heat of hell, and fund the beast. Unfortunately it would take a large shift in the industry to see MS removed from their comfortable seat of power, where they're able to get away with such shoddy service.
…the technician will ALWAYS ask for a remote session, will ALWAYS ask for a phone call even though I specified I prefer email, and will ALWAYS be nigh fucking unintelligible when they do get on the phone…
I get almost exactly the same experience from Microsoft Support! But with the advantages that 1) they call me out of the blue even if I don’t have a Windows PC, which is really smart of them, and 2) they’re much more diligent about finding problems, even looking at the Windows Event Log and helpfully pointing out the evidence of VIRUS INFECTION from all the Info log entries. Then they courteously and efficiently ask for my credit card and give me the all-clear.
Who’s the dumb sucker NOW, eh? Eh???
"Two of them requested video evidence of exploitation (for things that don't even make sense to have a video of[...]), and the third was rejected as not a vulnerability with clear evidence that the MSRC handler didn't bother actually reading what I submitted."
Could it be that M$ are staffing their 'MSRC' with folks who don't actually have much (or any) actual expertise? So they can follow a video exposition from start to outcome, but with zero understanding of what's actually happening (and for the same reason can't make use of a textual exposition). So it's possibly not so much "didn't bother actually reading" as "couldn't make head or tail of the text". This, if it's the case, exemplifies the burgeoning population of "techies" who can cope with the externals of tech but haven't a clue about what goes on under the hood. They're bringing the technologies to their knees, but they're cheaper to hire than the fully informed.
I have an outstanding ticket with a company. I have detailed steps on this, the problem, screen shots and so on. I have even had 3 remote calls, 2 recorded showing the issue and what needs to be fixed.
Last "resoliution" I had was "you changed xxxx and so it has not applied. Please revert".
I point out that what they are saying is not the cause, it is not the problem. The fact that underlying critical components are missing and cannot be reinstalled / repaired is the problem...
they have not probably lost quite a big sale on that
At one company I saw an issue where customer created a ticket with description of a problem, screenshots, how to reproduce.
Problem was as it was investigated, he or she, doctored the screenshots and made up the replication steps.
That person was Karen like and caused support to escalate to dev team that spent good part of the day investigating it.
If you could sum hourly rate of all people involved in this, this created substantial damage.
But nothing really could be done about it.
Support confronted the person that issue is made up and never heard from them again.
This! Exactly this!
I cannot tell you how many time, and it is almost 99.9999% of the time a woman, that a fake problem was reported to the Service Desk because their manager asked them, "Why haven't you got your work done!?" The issue is always predicated with "The Service Desk is not responding to my problem!" Yet there is no previous ticket regarding this issue.
Occasonally tried to send a report with a video and get told the Video is too big - no matter what I have tried to do to the video / colour settings etc.
Then get asked to "attach the video" and point I cannot as I am told it is too big, and oh, i cannot send via email as it is..... too big
..deeply hate this trend to producing guides, manuals and instructions in video format only.
I can read a lot faster than I can watch a video and text allows me to stop, examine, 'rewind' etc without dealing with the particular UX of whatever 'disruptive designer' has breathed on the video app du jour or the mangled english of the narrator if there is one.
you get screenshots of commands. What, you want to copy the commands? Ha, you're funny.
I was recently surprised on a new android tablet in one app that I could select text from an image and paste it as text. Some sort of OCR I imagine.
Really quite useful when reading imaged documents (texts) and you want to search (google, bing etc) for a term or phrase.
Not entirely a lost cause but needless hurdles to jump.
Surprised MS support doesn't require a video of your writing a manuscript report of your support request. Vellum and goose feather. ;)
MS Powertoys has a 'Text Extractor' utlity that lets you select areas of documents (pictures, copy-protected pdf...), performs OCR and copies the result in the clipboard. Pretty useful when someone sent you a screenshot of 100 30-digit long IDs and you need the actual values.
..deeply hate this trend to producing guides, manuals and instructions in video format only.
Much of the material is scripted and presented by non technical people who clearly have very little knowledge about the product they purport to document.
You are often better off dredging the interwebs for the last available text document for the product as it's often more accurate and relevant. By the time the vendor has reached the point of video only enshittification the product is invariably fossilized internally with only an occasional gratuitous cosmetic makeover of the user interface which really only confuses everyone.
I just updated a laptop to Devuan Excalibre - the testing release, to see how it's going (short answer, fine with daily downpours of updates as might be expected). I realised I didn't have Pinta on there and the options being Flatpak or tarball I downloaded the tarball to compile. It's basically a dotnet app so a prerequisite is dotnet runtime. OK, go to the dotnet download site and install the latest dotnet version which is 9.0. After all the latest is sure to be correct, isn't it? Having found the runtime configure lets me compile. Try to run it and what happens? It will only run against runtime 8.0.
No wonder the W10 partition on that particular laptop seems to update several versions of dotnet each month. And no wonder the target area for vulnerabilities is so large if an installation has to support so many versions of the same thing.
If Microsoft's security response team are so dumb that they can't read simple text, understand it and then act on it, how can you trust them to be smart enough to do their job?
Still, yet more shit that the "I couldn't possibly exist without them" crowd choose to put up with rather than bother to make any effort to test that hypothesis.
Fragrance of crumbs? Luxury!
We had to make our own fragrance of crumbs by filtering the air from the fish factory - we lived in a barrel of rotting herring guts, all 26 of us, in the middle of the factory floor. And when we got home at night our father would chop down a tree using one of us.
"I reported three related but different vulnerabilities to Microsoft recently. Two of them requested video evidence of exploitation (for things that don't even make sense to have a video of, thus my malicious compliance example that I posted), and the third was rejected as not a vulnerability with clear evidence that the MSRC handler didn't bother actually reading what I submitted. Researchers doing the 'right thing' deserve better."
Of course they do, but this is Micros~1 you're talking to here. The world leader of enshittification (e14n). Besides, you know those clowns can't fix anything these days. So you, Mr. Dorman, being treated like belly-button lint shouldn't surprise you, or anyone else, for that matter.
It's not like they don't have form for this; they've been treating their putative customers like this for decades now.
One reason they're likely doing this is they know that creating a video is a time-consuming task. While they've got the user off playing at being Steven Spielberg they can then put the ticket as 'with user' - thereby stopping the SLA from counting down.
So, so many companies have started doing this nowadays. They'll ask you questions that you've already covered in the initial ticket, or want something completely unrelated, or want to do a remote session to see the issue 'in person'.
It's all so they avoid actually taking ownership of the problem (aka kick it down the road until it becomes someone else's problem) without impacting the SLA timescales.
This is NOT an excuse by any means !!!
The main driver behind this is 'TIME'.
The support drone has 3 minutes to understand your issue and respond to it.
If the support drone cannot read fast and has 'reduced' understanding of the software etc they are supporting ... it takes too long !!!
The hope is that your video will allow them to fast-forward through the issue and still have time to solve the problem.
If english is not their 1st language, long textual descriptions are difficult to understand.
Videos containing too much detail are equally the problem and difficult to understand.
Net result is that long and/or complex issues DON'T get solved !!!
THIS IS NOT NEW ... I CAN GO BACK 30-40 YEARS AND FIND THE SAME PROBLEM.
The fix is simple but costs money ... put well trained people on the support line !!!
As ever, this will not happen as profits are impacted by employing properly trained people.
:)
P.S.
The only way to push this is to vote with your feet ... BAD SUPPORT should lead to dropping the product for something else.
This will, of course, require finding a usable new product and possible re-training of 'your' staff !!!
Who wants to go first & explain this to the C-grade people in your organisation !!!
This uppity BS from vendors was predictable when the whole "responsible disclosure" thing started taking hold. Vendors just kept pushing until they basically claiming they could take as long as they wanted and make reporters jump through any hoops they wanted. And the groveling for "bug bounties" made the chance of consequences remote. Any possible protection the system might have given to users went out the window ages ago.
It's time to go back to the days of "dump full details on bugtraq and let Microsoft find them there".
Someone asked how to add "Copy to folder" and "Move to folder" to the context menu of Windows 10's File Explorer. Microsoft advised them to reinstall the operating system.
I knew it was two simple registry changes with Windows 7 so I made a VM of Windows 10, did the changes and it worked.
I reported my findings and got an email from Microsoft congratulating me on having solved my problem.
This reminds me of a certain unnamed vendor where I had a massive bughunt going.
SUP DUDE #1 - Please submit the details of your environment.
Me: Done.
... long back and forth ...
SUP DUDE #1 - gonna need to escalate.
SUP DUDE #2 - Please submit the details of your environment.
Me: but it's already there
SUP DUDE #2 - Please submit the details of your environment.
Me: Done.
... long back and forth ...
SUP DUDE #2 - gonna need to escalate.
SUP DUDE #3 - ... I'll let you all guess...
I get the idea. As tech support, one metric you get rated on your turnaround time. 5 min to send a request for unnecessary info to a customer does wonders for turnaround time. Especially if they get fed up, don't follow up and you close it for inactivity :-) Win win!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
