Re: Risk Management
And yes, this vulnerability does exist in all versions of Windows. However, it was automatically patched in 10 a couple of months ago (except for those machines either not connected to the internet or owned by someone who "knows better"), and probably in the other versions too unless they're owned by someone too lazy or too paranoid to install updates in a timely manner.
Or they're simply wary of being "upgraded" to Windows 10 with the next automatic update, which curiously lacks a "No, I don't want to upgrade" button - and interprets the closure of the popup as "Yes, please upgrade me to Windows 10", even in violation of previous documented configuration policies that expressed a customer's desire to stay with their current OS.
What isn't being discussed is WHY so many people are not enabling automatic updates (which have curiously been the default since Windows XP SP2), and Microsoft's past behaviour is a huge reason: When they pulled that automatic upgrade stunt with Windows 7 -> 10 updates, many people will not have been tech-savvy enough to Google (and then find) the right KB to remove. They will simply have reinstalled the OS and disabled updates to prevent unauthorised modifications by Microsoft. Or learned from others' misfortune and simply disabled updates before their system was "upgraded" without their permission.
When you openly piss in the village well, don't expect that water supply to remain very popular. Microsoft made it abundantly clear to many of its own customers that future "updates" could no longer be trusted. So, knowing this, one cannot blame those customers who, fearing the interruption of their business by an unauthorised change of OS, simply took the path of least resistance, and stopped trusting them.
These people were put between a rock and a hard place, and that was Microsoft's doing. Totally unforgivable, in my opinion.
To many in the IT industry who know that the free Windows 10 upgrade "offer" is no longer running, there will be many more people out there who don't know, because they stopped worrying about the issue when they disabled automatic updates, and they do not read the IT press. Of course, this plays right into the hands of hackers, and that is one good reason why the damage on this occasion has been so spectacular.