I bet the container was in an isolated VM too.

Every infra I ever worked in used this pattern to a degree. Many proxmox vm's in a kubernetes cluster.

I've seen people manually create a separate unprivileged user on the host for each VM they run, so for them the pattern becomes:

1. VM running on hypervisor as unprivileged host user

2. Container running in VM as unprivileged vm user

3. Payload running in container as unprivileged container user.

Not sure whether layered isolation is worth the increased attack surface. For normal users (not targets of state actors), it probably is.

Okay, so I give the team that put this together credit. Hopefully the parent company sees based on this that it's worth letting teams invest more in quality and security work, over features.

Lets send a thank you letter to Bill Gates

I presume you mean Bill Gates Sr. because he fathered Bill Gates.

Microsoft has islands of security excellence in what these days is a sea of mediocrity.

What CISA report?

I’m guessing they mean this one:

https://www.cisa.gov/news-events/bulletins/sb25-167

> Microsoft--Microsoft 365 Copilot

> Description Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

> Published 2025-06-11

> CVSS Score 9.3

> Source Info CVE-2025-32711

https://www.cve.org/CVERecord?id=CVE-2025-32711

And maybe they are referring to this engineer from the linked advisory notes?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

> Acknowledgements

> Arantes (@es7evam on X) with Microsoft Aim Labs (Part of Aim Security)

This one: https://www.cisa.gov/sites/default/files/2025-03/CSRBReviewO...

Not OP, but guessing they were referencing this one:

https://www.cisa.gov/resources-tools/resources/CSRB-Review-S...