Hacker News new | past | comments | ask | show | jobs | submit login

The patch was finalized already in February. I wonder why it took so long to release it?

https://twitter.com/mikelabatt/status/863356853576749056




They're still providing these to Windows XP Embedded customers like those running it in ATMs, POS systems and industrial control systems until 2019. It's probably been out since march like the other OSes for those users, so they just released the same patch to everyone else.


So a month before patches for supported versions of Windows.

Does that mean I can get info on current Windows 0days simply by subscribing to XP support program?


Many of the researchers already test to see if they work on XP.

You could do what you said but it's pretty expensive and only works for a bulk deal at around $200/PC/year with a large number of PCs at a minimum.


I surely won't be doing it myself, but I can imagine some spook making this small personal sacrifice of becoming an employee at some Windows XP shop just to smuggle patches to his mothership for vulnerability analysis.

I hope that the fact this patch was signed in February doesn't imply that it was published in February and available to every semi-competent cyberwarfare unit in the world.


QA maybe? Imagine the shitstorm headlines Microsoft would get if they managed to accidentally brick every Windows XP computer in the field with an automatic security update.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: