Microsoft Corp. has quickly issued a patch for a serious Internet Explorer vulnerability, including coverage for those still using Windows XP.
“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded),” Adrienne Hall, general manager of Microsoft’s Trustworthy Computing initiative, said in a blog Thursday.
“We made this exception based on the proximity to the end of support for Windows XP (three weeks ago). The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”
As some bloggers immediately wrote, it begs the question of when end of support for XP really ends. I believe this is truly an exception – although perhaps 25 per cent of the PCs around the world are still running the aging operating system. Microsoft has no financial incentive to keep patching XP, even though in this case it’s good for the image.
In fact one columnist insists Microsoft made a mistake. Peter Bright on ArsTechnica.com writes that “ one-off patch of this kind makes no meaningful difference to the security of a platform,” he writes. Some may believe that this patch makes Internet Explorer on XP safe.
“The job of migrating away from Windows XP just got a whole lot harder,” Bright argues. “I’m sure there are IT people around the world who are now having to argue with their purse-string-controlling bosses about this very issue. IT people who have had to impress on their superiors that they need the budget to upgrade from Windows XP because Microsoft (Nasdaq: MSFT) won’t ship patches for it any longer. Microsoft has made these IT people into liars. “You said we had to spend all this money because XP wasn’t going to get patched any more. But it is!”
That wouldn’t be a problem here. Our readers, who are Canadian enterprise-sized companies and governments wouldn’t still have XP machines in their environments, would they …?