• oce 🐆@jlai.lu
    9 months ago

    In this case, downgrading to the unaffected version. If there’s no possible downgrade, stopping the compromised system until it is fixed.
    Keeping the vulnerable system up because you think nobody else should know is a bet; I don’t think it’s sound. State actors are investing a lot to find and exploit those vulnerabilities, and in this case probably even funded the implementation of the vulnerability, so I think you should assume that any vulnerability you discover is already being used.