The End Has Truly Come for XP Support

Sue Marquette Poremba
Slide Show

Final Patch Tuesday Quietly Ushers Out XP and 2003

When Microsoft released an out-of-band patch for the zero-day vulnerability in Internet Explorer, it included a fix for Windows XP users. You may remember that the vulnerability was the first in the post-XP-support era, and you can count me among those who were surprised that Microsoft offered the fix to XP users. Did Microsoft quietly give in to those who either wouldn’t or couldn’t upgrade from XP by the deadline? I figured we would get an answer to that question this week, as the scheduled Patch Tuesday rolls out.

Infosecurity Magazine reported that this month’s Patch Tuesday is the largest one yet this year, stating:


Microsoft is breaking with recent tradition by announcing its heaviest patch load of the year so far for next Tuesday, including two critical updates for Internet Explorer and SharePoint which will affect a large swathe of businesses.

But this time, the patches will not cover Windows XP. As Jeff Davis, vice president of engineering at Quarri Technologies, said to me in an email:

It looks like Microsoft will stick to its pledge to cut XP users off of security updates. This means Internet Explorer is now fundamentally unsafe on XP, and will be forever. Organizations and individuals still stuck on XP need to take urgent action to ensure IE won’t be used, or install third party security solutions that could help fill the gap.

Ross Barrett, senior manager of security engineering at Rapid7, echoed those thoughts, telling me:

The IE critical is the first that clearly would have applied to Windows XP, but for which a patch is not available.  IE 6, 7, and 8 are vulnerable on Windows 2003 SP2. This would historically have mapped to the same scope of XP patches, but not this time. Anyone still using XP just got a little less secure— not that they were well off to begin with.

Interestingly enough, however, even Microsoft itself says that XP is more secure than other Windows OS versions. In its latest Security Intelligence Report, Microsoft revealed XP computers had a lower infection rate than those using Windows 7 or Vista. But the study was done before Microsoft dropped support for XP, so we’ll have to see how those numbers change in the coming months.

Right now, the real culprit in this particular vulnerability situation is IE, and without a patch, XP users can take the simple security step of not using IE as a browser. Beyond that, XP security could become troublesome.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data