Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: MarchonDC09122009
Microsoft cannot keep up with addressing software vulnerabilities and patch fixes:

That's why they need to go to formally proven systems, it *is* doable (see Verve).

15 posted on 10/31/2016 8:15:02 PM PDT by Edward.Fish


To: Edward.Fish

Not sure about the relevance of the Verve article.

My point is that Microsoft is not adhering to Information Security Vulnerability Management standards that provide timely patch fixes for remediation.

Some High Risk Vulnerabilities on Critical systems, i.e. CVE 9 - 10.0, are required to be fixed within 24 HOURS.

Microsoft dragging its feet beyond 10 days after Google notified them, and then failing to disclose the Zero day exploit to the public and provide a patch fix, is GROSSLY NEGLIGENT.

Top 30 Targeted High Risk Vulnerabilities | US-CERT

https://www.us-cert.gov/ncas/alerts/TA15-119A

Maintain up-to-date software

The attack vectors frequently used by malicious actors such as email attachments, compromised “watering hole” websites, and other tools often rely on taking advantage of unpatched vulnerabilities found in widely used software applications. Patching is the process of repairing vulnerabilities found in these software components.

It is necessary for all organizations to establish a strong ongoing patch management process to ensure the proper preventive measures are taken against potential threats. The longer a system remains unpatched, the longer it is vulnerable to being compromised. Once a patch has been publicly released, the underlying vulnerability can be reverse engineered by malicious actors in order to create an exploit. This process has been documented to take anywhere from 24-hours to four days. Timely patching is one of the lowest cost yet most effective steps an organization can take to minimize its exposure to the threats facing its network.

http://www.theverge.com/2016/10/31/13481502/windows-vulnerability-sandbox-google-microsoft-disclosure


18 posted on 10/31/2016 8:50:41 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson