Hacker News new | past | comments | ask | show | jobs | submit login

Microsoft really ought to develop their own worm, and use it to patch the flaw.

They can release it on the same day as the regular updates, and scan the whole IPv4 address space every hour.

That way, the pool of unpatched machines will be so tiny it isn't worth evil people trying to exploit it.

Its the same threat vector as BlueKeep, so I would imagine the prime exploitation window for Win7 (which was/is vulnerable to both) has already passed.

A quick Shodan query already does what you're thinking.

Wouldn't that be illegal? I hope so.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact