by SXX 14 days ago
Well. It's bad news for society as a whole.

The security industry is going to be okay - someone will always pay for 0-days. If vendors won't pay, it's just gonna be US agencies, Israeli resellers, China or Russia.

If you don't feed your army, you will soon feed someone else's.


It's bad news only for Windows bureaucrats. Good orgs don't use Windows.

I have now worked for/with a significant percentage of the Fortune 500. All used Windows in some capacity.

Is this just your way of saying that only tiny, weird, companies are "good"?

It's saying that those with Windows could be 100x more effective and secure. Wasting billions of money and a lot of time.

These days corporate security treats these workstations like a dummy terminal. No secrets live on the workstation. You have to re-auth with SSO constantly with biometrics and are basically editing data that is in a cloud. So the risk to a corp is minimal where even in the worst case they are insured.

Zero days like this are being disclosed regularly, so the idea of securing a Windows workstation is tantalizing, but you'll never feel satiated trying to drink that water, so don't even try.

So yeah, there are plenty of Windows users, but we're certainly not hosting anything important on those boxes and would frankly be aghast at the suggestion.

> These days corporate security treats these workstations like a dummy terminal

Correct, "zero trust" is the buzzword but this is how Microsoft even recommends you set up your endpoint infra. Assume breach, treat every endpoint as if it is currently compromised or could be at any time. Laptops are basically ephemeral, when set up right, and can be wiped and re-imaged within an hour or less.

That's not unique to Windows either, that's how all employee/user endpoints should be managed.