Impressive work!
This makes me wonder if Microsoft’s commitment to long-term support is part of the problem: instead of deprecating these ancient APIs they keep them on life-support, but forget some "regression-test" on how they interact with the shiny new surfaces.
Feels like P0’s Windows Registry talks: most of the vulns weren’t in the new code, they were in how legacy behaviors interacted with newer features.
Microsoft is also forced to keep this legacy code tbh.
You see, most enterprise clients with a big enough contract can force them to do this, and MS needs to support these customers until they migrate, if they ever do at all.
I may argue that for any big legacy enterprise software, it's easier to rewrite the damn whole thing than to support the legacy code forever, but they can't do that even if they have the motivation/resources.