DEV Community

Discussion on: Microsoft is absolutely at fault for WannaCry

PessByNature

Sorry, may not have made my position clear there. If Microsoft decided to patch out remote execution entirely, both legitimately and illegitimately, that would be a hard decision with both pros and cons, and in some cases where I think the former outweighs the latter, I would applaud them for it.

But if they did, that still puts the hospitals between a rock and several hard places if their MRI machines depend on legitimate remote code execution. Do they not ever install the patch, leaving them open to RCE exploits that would likely never be patched?

Do they buy new MRI machines, which might be millions of dollars of one-time investment, over something that only doesn't work because of a patch?

Do they risk who-knows-what legal trouble trying to get an unofficial patch for their machines, if the maker will not provide?

Do they spend the money on a top-notch InfoSec team that can mitigate the risks, investing less up front but needing them around forever to keep the ship floating?

I don't blame Microsoft, but that doesn't erase the challenge for the hospital.