A new car will not use old parts, but it WILL reuse the same design of the engine and the transmission, and possibly the same door locking mechanism. If you find a bug in the way the doors are locked that lets you bypass the lock and enter the car, chances are the same bug also exists in older models.
Components of goods: When I buy a car, I pay for the thought gone behind implementing the lock (and engine, transmission, putting it all together etc.) AND the steel / plastic / ICs that the car physically consists of. Cost (not price) of building a car is about 90% (+-20%) for the material / labour used in building the car directly or indirectly, and 10% the thought behind it and expression into physical machines. If an older lock has a vulnerability and a newer car shares the vulnerability, I fully expect a huge discount in the 10% thought portion of the car, and "Refurbished" sticker on the thought sold separately (if).
It is this 10% (+-100%) that is identical in Microsoft's software and cars which is why I made the analogy.
When I buy software (download), the cost of the item I buy is ALL in the thought and expression into machine code. So I expect the same huge discount and Refurbished sticker on 100% of the item.
Expectation from security: In physical locks, there is also the impossibility of having a perfect lock - that comes from a near impossibility of remote exploit as well as the impossibility of a lock being secure in spite of physical access to the device (car). So the lock is little more than keeping honest people honest. It is NOT so with Software, where remote exploit is very feasible. If vulnerability exists because of physical access to a computer, Microsoft for its OS is off the hook because it doesn't sell most computers itself. So expectations from security in Software "goods" are very high.
A car with remote exploit across models over multiple years would expect to lose more for the manufacturer than they ever spent on the "thought" behind ALL of the car.
I also mentioned that Microsoft skimped on effort (code reuse), resulting in a poor product (shared security bugs with ancient software). Why does that not result in much cheaper software, or at least a sticker "Refurbished"?
Which is the point that stands regardless of the suitability of the analogy, and which you didn't address.