Final Patch Tuesday Quietly Ushers Out XP and 2003 When Microsoft released an out-of-band patch for the zero-day vulnerability in Internet Explorer, it included a fix for Windows XP users. You may remember that the vulnerability was the first in the post-XP-support era, and you can count me among those who were surprised that Microsoft […]
Final Patch Tuesday Quietly Ushers Out XP and 2003
When Microsoft released an out-of-band patch for the zero-day vulnerability in Internet Explorer, it included a fix for Windows XP users. You may remember that the vulnerability was the first in the post-XP-support era, and you can count me among those who were surprised that Microsoft offered the fix to XP users. Did Microsoft quietly give in to those who either wouldn’t or couldn’t upgrade from XP by the deadline? I figured we would get an answer to that question this week, as the scheduled Patch Tuesday rolls out.
Infosecurity Magazine reported that this month’s Patch Tuesday is the largest one yet this year, stating:
Microsoft is breaking with recent tradition by announcing its heaviest patch load of the year so far for next Tuesday, including two critical updates for Internet Explorer and SharePoint which will affect a large swathe of businesses.
But this time, the patches will not cover Windows XP. As Jeff Davis, vice president of engineering at Quarri Technologies, said to me in an email:
It looks like Microsoft will stick to its pledge to cut XP users off of security updates. This means Internet Explorer is now fundamentally unsafe on XP, and will be forever. Organizations and individuals still stuck on XP need to take urgent action to ensure IE won’t be used, or install third party security solutions that could help fill the gap.
Ross Barrett, senior manager of security engineering at Rapid7, echoed those thoughts, telling me:
The IE critical is the first that clearly would have applied to Windows XP, but for which a patch is not available. IE 6, 7, and 8 are vulnerable on Windows 2003 SP2. This would historically have mapped to the same scope of XP patches, but not this time. Anyone still using XP just got a little less secure— not that they were well off to begin with.
Interestingly enough, however, even Microsoft itself says that XP is more secure than other Windows OS versions. In its latest Security Intelligence Report, Microsoft revealed XP computers had a lower infection rate than those using Windows 7 or Vista. But the study was done before Microsoft dropped support for XP, so we’ll have to see how those numbers change in the coming months.
Right now, the real culprit in this particular vulnerability situation is IE, and without a patch, XP users can take the simple security step of not using IE as a browser. Beyond that, XP security could become troublesome.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
