The moral mire of not patching Windows XP

Should Microsoft sometimes support its expired OS for the greater good?

Microsoft this week faced the strongest test of its resolve to leave Windows XP unpatched. A serious flaw that has lain undiscovered in every version of Windows since 95 was fixed in all supported versions of Windows, but not Windows XP, which stubbornly remains the world’s second most used desktop operating system.

This is no ordinary bug, no trivial flaw. Rated as Critical by Microsoft itself, and scoring 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS), the hole is about as serious as they come. If exploited, the flaw could allow attackers to take control of the user’s machine, potentially turning the PC into part of a massive botnet, for instance. The flaw hasn’t been exploited yet, but the IBM researcher who discovered it said it was “only a matter of time”.

Given that Microsoft will likely already have patched the bug for those enterprises paying for extended support for Windows XP, would it not make sense to nip the threat in the bud and release an update for all Windows XP PCs? Microsoft doesn’t think so.

“Microsoft no longer provides security updates for this operating system,” came the stiff-upper-lip reply from Microsoft’s press office, when I asked whether it intended to patch the flaw in Windows XP. “Our advice to customers is to migrate to a modern OS, like Windows 7 or Windows 8.1.”

VIA: PC PRO

  • Given that Microsoft will likely already have patched the bug for those enterprises paying for extended support for Windows XP, would it not make sense to nip the threat in the bud and release an update for all Windows XP PCs? Microsoft doesn’t think so.

    Here is where the problem lies. For business customers, there is a path for them if they require the update… they can purchase the extended support package. But for retail customers, there is no alternative. Microsoft does not offer some form of extended support to the regular joe, so the only option is to go buy another OS or just live with it.

    Then again, this may not even be a big deal either. It is (as some say) a FUD article. The exploit is clearly laid out as being a drive-by attack on IE. This means going to a malicious website using IE. It is entirely possible for an XP system to be unpatched and not have this ever happen… due to either using another browser, or the user having some inkling on how to properly surf the internet.

  • Besides the very high probability of being essentially FUD, this has the usual issue:
    http://www.pcpro.co.uk/operating-systems/1000045/the-moral-mire-of-not-patching-windows-xp?

    Microsoft may have a business case for refusing to patch Windows XP, but it’s lost the moral high ground.
     

     
    In order to lose “moral high grounds” one needs to have them, as I see it.
     
    jaclaz