In a move that surprised many security experts, Microsoft announced they would be releasing a patch for Internet Explorer on Windows XP, an operating system that was essentially declared devoid of any further updates as of just a couple weeks ago.
They used their official blog to reluctantly distribute links to the patch for the widely-known IE exploit earlier this week, claiming that in the particular instance of a zero day this size, their hands were tied and they would need to go back on their original agreement to stop patching XP in the beginning of last month.
“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” Microsoft’s general manager of Trustworthy Computing Adrienne Hall wrote. “We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown.”
According to their statement it seems that due to the extenuating circumstances of XP losing its support network a month earlier and the severity/spread of this particular Explorer bug, Redmond is making an exception to what should very quickly after this “last one” become the rule.
This play suggests that although Microsoft is sticking to its guns regarding the XP issues, its recent dealings with the governments of the UK and France would have us believe that just because they’ve declared the OS officially dead doesn’t mean the rest of the world is quite ready to watch it go peacefully in the night.
That means there are still millions of potential targets out there which need one form of protection or another, especially anyone who holds a public position working for the government in one capacity or another.
What does this entail for the future of XP? Not much, unfortunately.
Eventually Microsoft will have to make a decision whether they intend to continue patching the outdated operating system for the sake of the people who just won’t let go of it without a fight, or admit that at a certain point people are simply asking to get infected, and you won’t be able to convince them to spend money on an upgrade until all their data’s gone and it’s already too late to get it back.