Since today is the first of a new calendar month, we saw the standard blog posts talking about what percentage of computers around the Internet are running each of the various operating systems.
In April, approximately 26% of the computers on the Internet were still running Windows XP, despite its end-of-support date a couple of weeks ago.
Then this past weekend a very serious flaw was found in IE6 through IE11 that, according to Microsoft, was being used as a vector in some attacks, and a mitigation strategy was promptly published to help safeguard all users.
Today Microsoft announced they would issue an out-of-band security update to address the IE vulnerability in Microsoft Security Advisory 2963983, and, I think to no one’s surprise, they are choosing to also update Windows XP to protect its users against the vulnerability.
According to Adrienne Hall, the GM of Microsoft’s Trustworthy Computing, it was the closeness of Windows XP’s end-of-support date that prompted them to close this security hole on the ancient OS:
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP.
I certainly understand the reasoning behind the decision as noted above; however, as I asked on Twitter today, at what point do you draw the line?
It is certainly a slippery slope for the software giant, which is having trouble convincing users to move on from the 13-year-old operating system, as evidenced by last month’s user total of 26%.
The more reprieves those users are given, the less likely they will be to make the move.
So do you think Microsoft did the right thing by patching Windows XP systems?