Hacker News
by CydeWeys 3322 days ago
The margin would've been much wider still with responsible disclosure from the NSA, however. This means that fewer people would have been affected.
2 comments

Unless the NSA reported it to MS back when XP was still supported, not much would change. People can (and do) reverse-engineer exploits from Windows updates, and they could still take advantage of the large number of unpatched XP machines.
In an unusual move, after the worm started spreading, MS released a patch to XP for this exploit.
Based on what?

The NSA likely gave MS months of lead once they determined what SB stole. A patch was pushed out before the release of the vulns.

There's no reason to suspect that people wouldn't have reverse engineered the vuln from the patch and had similar timelines of unpatched systems being exposed.

In fact, we see exactly that play out over and over with security patches.