Bedrock: Hackers Know the Bugs Will Not Be Fixed

May 11, 2026

Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.

Okay, we have Mythos. We have other LLMs that can find bugs. We have students in Estonia learning cyber security by banging away at Windows Azure, Windows 11, and Windows Teams. What do we learn from Tom’s Hardware? Answer: “We still have Windows 11 using ’90s code.”

What’s that suggest to you? I will share what my thoughts are once I take a look at a couple of passages from Tom’s “Microsoft CTO Confesses That 30-Year-Old Code from the Mid-90s Still Forms the Bedrock of Windows 11 — Ancient Win32 API Still the Backbone, But CTO Says It’s More Relevant Than Ever in 2026.”

Thanks, Venice.ai. Good enough.

The write up reports:

… the firm is currently in the midst of a major transformation, targeting enthusiast hot button areas like Windows performance, overhead, and reliability. This drastic pivot was cautiously welcomed in contrast to Microsoft being widely slammed for boasting about Windows “evolving into an agentic OS” last November. Currently, Microsoft seems to be flailing around, trying to stop folks straying to pastures greener like Mac and Linux.

I thought Microsoft made security job number one after SolarWinds. Now we have a “transformation.” But the company is transforming from what to what. Is it transforming to a security first outfit to an AI system? Is it transforming from desktop software to a cloudy solution? Is it transitioning from a baloney output machine to a horse feathers output system?

The write up states:

The CTO explains that Win32 has persisted even when facing targeted existential threats from within Microsoft, particularly in the Windows 8 era. “There’s been various times in Microsoft’s history where we thought we’d reboot the Windows API surface, like WinRT, that actually didn’t play out the way a lot of people expected it to.”

Explains? I think this means that Microsoft engineers cannot fix up, remediate, or reliably enhance Windows because of its bedrock. Yeah, that is helpful.

Okay, what’s my reaction?

Windows is old code swathed in wrappers. Unlike “baby diapers” these wrappers cannot be cleaned. More digital diapers are added, thus increasing the attack surface for “germs” like the computer science students honing their cyber skills by hacking at Microsoft software.
There is no fix. How do I know this? The WinRT statement means to me, “Yeah, we tried and failed.” The implication is that one pays for follies like the AI craziness in Notepad and the core issues from the 1990s are still there like defective protein strings that will one day go wacky so a system, like some people, fall over dead. Nifty.
The trotting out of a tools person who was hired by Microsoft and then having him explain the value of bedrock and the persistence of old problems does zero for my confidence in the Microsoft outfit. Sure, it makes money, but it creates massive problems for its users, customers, and partners. Guess what? Too bad.

Net net: I have a number of Mac computers. Exactly zero of them present weird software failures like a failure to print, messages that a NAS cannot be found, or mice that don’t mouse. This article is a good promotion for a shift to greener pastures. Typical Microsoft. Hands waving and a shoulder shrug. Yeah, WinRT.

Stephen E Arnold, May 11, 2026

Written by Stephen E. Arnold · Filed Under Business strategy, Microsoft, News, Technology

Comments

Got something to say?

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.