by asdafa 4471 days ago
Not only that... The main concern is that since Vista/7/8 are derived from XP, they also share critical vulnerabilities hidden inside the core of the OS. If Microsoft stops publishing patches for XP, there is a non-trivial risk that attackers will be able to look at a patch for a newer Windows version, reverse it and make an exploit that will work perfectly on XP, which won't get the security fix.

No they're not. Check the major version numbers. Windows 2000, 2003 and XP were built on version 5 of the NT kernel/architecture. Vista involved a major overhaul and was version 6. Windows 7, 8 and 8.1 are versions 6.1, 6.2, and 6.3, respectively.
You can't make blanket statements like that. It depends on where the vulnerability is.

For example, Vista has a substantially-rewritten networking stack. A networking exploit in Vista would not necessarily translate over to XP.

On the other hand, there's a lot of legacy code around in GDI+ for decoding graphics formats. A file format exploit would be highly likely to carry over to XP.

Fair enough. I misunderstood the parent when posting that. Re-reading it and your comment, it makes more sense.

That makes me curious as to just how much legacy code still exists in Vista/7/8/8.1, and where. I guess it's time for me to do some more research.

Given that this site is dedicated to programmers, I'd expect you to realize that a new version of a program isn't a complete rewrite.
As much of an overhaul there may have been, it seems unlikely that NT 6.0 was started from scratch. Is there no chance vulnerable sections of the codebase carried over?
The version numbers don't indicate complete and utter uncommonality of the code base; they just indicate points of major revisions. XP and Vista/7/8 do still share a lot of common sub-systems, code, and designs; many vulnerabilities that will be discovered and patched in currently supported versions of Windows will definitely apply to XP.