by codehusker 3323 days ago
From your source:

"Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible."

If you don't have the update, you are not protected, you are vulnerable.

1 comments

If you or your IT dept is not installing updates, especially security patches, over 2 months after they come out, something's horribly wrong.
Posting from a throwaway for obvious reasons, but the place where I work still hasn't applied these patches after I warned their IT dept about the NSA vulns a month ago... luckily I'm at least able to apply the patch to my own system manually. If it hits us I'm pretty sure we're screwed on the order of a few thousand systems.
The reality is, this is very common.
Then what, realistically, can be done when nation-state knowledge of vulnerable systems is hoarded for cyber-warfare purposes?
Frankly, there is only one solution I can see anymore:

Laws must be passed to:

* Force the US government to report vulnerabilities to vendors

* Create a regulatory body to monitor the use of vulnerabilities in clandestine operations and ensure that mandatory reporting is upheld

I cannot see anything less working.

Get that through US and EU governments, and you'll likely have the vast majority of vulnerabilities being reported and patched.

Of course this is akin to asking the US and Russia to convert their nuclear stockpile into reactor fuel.