Did Microsoft make a mistake by patching IE for Windows XP?

blackdog

Microsoft made “a one time exception” to patch the current Internet Explorer zero day exploit for Windows XP, even though support for XP has ended. I’m wondering if this may have unintended consequences. After hearing that they will have vulnerable systems if they do not upgrade from XP, holdouts have now seen that in the face of a serious security issue Microsoft might make “an exception” and patch it anyway. Of course, Microsoft said explicitly that they would not, but will that be enough to convince people of the risks?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (2)

Microsoft reminds me of some Windows XP users, they are still clinging to it. At some point they have to cut the cord and just let it go.

ablake
Vote Up (2)

 I think that you are right. It reinforces the attitude that if there is a “real” security threat, Microsoft will still patch it even though XP support has ended. It also mitigates any sense of urgency to upgrade XP machines. I seriously doubt that many of the people resisting upgrades have any comprehension of the number of vulnerabilities that get patched in Windows each month anyway.

Ask a question

Join Now or Sign In to ask a question.
Financial institutions use many technologies to fight crime, but much of the work comes too late, focusing on suspicious activity, like uncharacteristic charges or money transfers, after it happens.
Dennis Technology Labs says it tested it because of marketing claims for it; Malwarebytes says free version of product is just a clean-up tool.
A new survey of IT security professionals shows that many businesses are barely starting to exploit mobile technology, and some of them may be a mobile security nightmare waiting to happen.
The Russian Ministry of Interior is willing to pay 3.9 million roubles, or around US$111,000, for a method to identify users on the Tor network.
Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.
European data protection authorities still have questions after meeting with Google, Microsoft and Yahoo about the implementation of a recent ruling that gave European citizens the right to be forgotten by search engines.
An iPhone user has filed a lawsuit for invasion of privacy against Apple, about a week after a Chinese state broadcaster raised security concerns about the device's location-tracking functions.
Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.
A hacker group calling itself "Anonymous Kenya" has poked holes at the government's cybersecurity preparedness by hacking two official Twitter accounts.
New guidance from Microsoft researchers suggests that users re-use simple passwords and avoid password management services.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+