I received this email as well, I probably should have clarified to say that it would be interesting to know if any of this was ever actively exploited. I assume this hasn't happened, considering the sentence in their report, but this is a client vulnerability, so logs may not have reached their servers(I know nothing about their telemetry setup or what is actually logged, which is why I mentioned that a blog post about their part of the procedure might have been nice).
1) they probably don't get notify
2) they also have interest to say no if isn't being exploited publicly even if they are searching cases internally.
In any case the response feels solid most companies will try force update whit vulnerability a and not disclose what the problem was and then blame the public for not have the software update, this giveme security about the compaby, it's also problematic because it drains the the time of the host to update their systems.
> Am I affected?
> Yes. Your tailnet has at least one Windows node running a version of Tailscale prior to v1.32.3.