May 02, 2014

Did Microsoft make a mistake by patching IE for Windows XP?

Microsoft made “a one time exception” to patch the current Internet Explorer zero-day exploit for Windows XP, even though support for XP has ended. I’m wondering if this may have unintended consequences. After hearing that they will have vulnerable systems if they do not upgrade from XP, holdouts have now seen that in the face of a serious security issue Microsoft might make “an exception” and patch it anyway. Of course, Microsoft said explicitly that they would not, but will that be enough to convince people of the risks?

Microsoft reminds me of some Windows XP users: they are still clinging to it. At some point they have to cut the cord and just let it go.

I think that you are right. It reinforces the attitude that if there is a “real” security threat, Microsoft will still patch it even though XP support has ended. It also mitigates any sense of urgency to upgrade XP machines. I seriously doubt that many of the people resisting upgrades have any comprehension of the number of vulnerabilities that get patched in Windows each month anyway.

