Great news from Tech-Ed – the MSRC (Microsoft Security Response Center) team made a presentation about how security vulnerabilities are patched on Microsoft platforms and applications. This is great background material and shows how much work goes into the updated binaries themselves. All this work happens well before XPE ever gets to work the Embedded voodoo to bring you the componentized versions – good info.
Oh, and one extra point – there’s a sentence in this article that reads:
On every product team within Microsoft, a staff member is on call to coordinate with the MSRC and join the investigation.
When I was on the Embedded team, that person for XPE was me. I don’t know who the person is now.