Defense in depth — the Microsoft way (part 24): applications built with SDKs may be vulnerable

Posted by Stefan Kanthak on Dec 22

Hi @ll,

in their software development kits Microsoft typically ships
Visual C++ (cross) compilers with headers and libraries,
including the MSVCRT for both static and dynamic linking.

The compiler(s) and the libraries are almost never updated (the
only update I know is <https://support.microsoft.com/kb/949408>),
not even when a vulnerability has been detected and patched;
sometimes they are even outdated when the SDK ships.

The result:…
