Re: Risk Management
That's not a correction. A patch for this was issued in March. If you are two months behind on your patches, that would be a problem for GNU/Linux systems as well. Or do you leave your systems unpatched for that long as well? If so, you're not fit for a job as a sysadmin.
The greater problem here is agencies such as the NSA instructing companies to leave vulnerabilities available, such as in the case of the Intel AMT bug, which according to SemiAccurate was almost certainly left in by request. What we're really seeing here is a highly visible example of why we shouldn't be allowing the government to mandate backdoors into systems, such as Theresa May and Amber "we must know the necessary hashtags to combat terrorism" Rudd want us to create.
Seriously - an unpatched OS is a security risk. Using an OS written sixteen years ago and STILL refusing to upgrade it - that's on Jeremy Hunt and his ilk. Don't try to deflect the blame elsewhere.