This doesn’t affect me, so I won’t comment on the decision or its merits/alternatives. But I’m astonished that in the same article:
- they say that they removed DirectX 12 support to address a security vulnerability
- they say you can restore DirectX 12 support with the older, vulnerable firmware
… and don’t warn that this implies reintroducing the vulnerability. I mean, sure, the implication is clear if you’re reading top to bottom to understand the reason for the change. But it’s certainly not going to be clear to people who understandably may find this looking for a “fix”, where skipping to the solution is a common pattern.
That seems exceedingly irresponsible to me. Security fixes are for your users, not for your own checklist to cover your ass.
What do you expect them to do, instead? Simply not mention any alternatives? It's absurdly clear from the article that downgrading will leave you vulnerable, so anyone who actually cares is going to read the one (1) paragraph required to determine that.
I expect them to not explicitly endorse bypassing security measures they deemed appropriate to ship. But, you didn’t need to ask that, I thought it was quite clear that was my expectation.