Microsoft had to patch Windows XP

Summary: With a high-profile bug so close to XP's end of support, there was very little upside for Microsoft in being strict. This sort of thing has happened before.


Much of the news about the recent Internet Explorer zero-day attacks had to do with the prospect of Windows XP not being patched. This was in spite of the fact that the actual attacks in the wild didn't work on Windows XP. Even so, Microsoft decided to patch Windows XP, even though it passed its expiration date several weeks ago.

They really had no choice. By not patching XP today they would have taken a stand which was very defensible, as the warning of this happening is years old. But there would have been lots of bad press and concern for the poor XP users.

I've already heard people say that this won't be the last XP update, but it might be. It depends on how long it is until the next severe vulnerability and, in particular, the next zero day.

Something similar happened in early 2005. Support for Windows NT 4 had ended on December 31, 2004, and it was a server operating system of great importance at the time. So when CAN-2005-0050 came out, "MS05-010 — Vulnerability in the License Logging Service Could Allow Code Execution (885834)," Microsoft released an NT4 update even though it had said it wouldn't and, just as with XP, they had been warning users for years.

Microsoft did take one measure to show NT4 users that things were changing: the update was not put on Windows Update and had to be downloaded from the Microsoft Download Center and installed manually. The advisory contains the company's explanation:

Windows NT Server 4.0 Service Pack 6a and Windows NT Server 4.0 Terminal Server Edition Service Pack 6 reached the end of their life cycles on December 31, 2004. On this rare occasion, we believe that this vulnerability presents a serious risk to a broad number of customers. We have previously communicated that we reserve the right to produce updates in these situations. We determined that the best course of action to help protect customers was to release this security update. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin. However, since Windows NT Server 4.0 is no longer in support, this security update will only be available on the Microsoft Download Center and will not be available through Windows Update.

We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but as mentioned previously, we reserve the right to produce updates and to make these updates available when necessary. It should be a priority for customers who have this operating system version to migrate to supported operating system versions to prevent potential exposure to vulnerabilities.

MS05-010 was the last update released for Windows NT 4.

So it depends on what happens. The first Patch Tuesday of the XP end-of-service era is 12 days from now. Let's see if there are Windows bugs not fixed in XP then. I'm betting that's when they start to take a stand. But even so, we're still close enough that if something severe and unexpected comes up, we might still see the next of the final updates to XP.

Topics: Security, Microsoft, Windows

  • Allow users of software to support themselves.

    Abandonware should be open source. Why not? If a company stops selling it, and they don't support it, it should be user-serviceable!

    Our current system is more than a bit crazy. I'm not even arguing against the length of copyright. I'm arguing for the owner of a book to be able to read and write in that book.
    • Unfortunately, they won't and can't.

      90% of the code in Windows 7 and 8 came from XP.

      Even under their most loudly claimed "rewritten" about 80% of the code came from previous versions.
      • I am sure Microsoft

        Never claimed it wasn't! The whole win32 api carries over from previous Winnt version, it is the whole application compatibility advantage.

        Over at your side of the fence, the codebase isn't completely rewritten either, that would make no sense whatsoever.
        • Evolution

          In many ways Windows 7 was Vista with a compatibility mode. Even though it was a considerable share I doubt that 90% came from XP. Jesse, where are your facts coming from? Please provide a citation.
          • The fact that so many of the same applications exist

            on both systems...

            And the fact that Microsoft doesn't have ENOUGH of a staff of coders to rewrite everything... Given 10 years worth, maybe.

            But even with that, they don't even know how all of it even works... (the example of having to ask the Samba project how CIFS is supposed to work...)

            But it is also based on the fact that MS has declared several times that Windows was "completely rewritten"... only to have the same bugs in all releases.

            No, they don't. Each version has at least 80-90% of the same code, the same bugs, and the same poor design.

            The linux distributions don't even CLAIM to have "completely rewritten" a distribution. The kernel itself has nearly been rewritten - since 2.5... but even then, there remains some 15% to 20% of the same code.

            And there are far more Linux developers than there are Microsoft employees.
          • Keep pulling at straws, buddy...

            "But even with that, they don't even know how all of it even works... (the example of having to ask the Samba project how CIFS is supposed to work...)"

            The original Windows was released around 28 years ago. Now tell me, do you really expect every employee to understand EVERY part of an operating system? Chances are, there are many employees who understand different parts of the operating system, working together to get everything working.

            "But it is also based on the fact that MS has declared several times that Windows was "completely rewritten"..."
            Did they declare that? If you were talking about the smarthouse article, here's a link to some people talking. Oh, and the article is dead now.

            "And there are far more Linux developers than there are Microsoft employees."
            And there are more Windows developers than Linux developers. So what? There are less Ubuntu employees than there are Windows employees.
          • So,

            ForeverCookie, when you say "The original Windows was released around 28 years ago. Now tell me, do you really expect every employee to understand EVERY part of an operating system? Chances are, there are many employees who understand different parts of the operating system, working together to get everything working." That is truly pulling at straws.

            What you are really saying is that there is no one left at Microsoft that understands CIFS, which is why they had to go to the SAMBA team?
          • The kernel is completely re-written ...

            ... from time to time to weed out inefficiencies in old code which had been patched and re-patched over the years. Software that doesn't undergo a re-write now and then eventually becomes sluggish and falls out of favor. This is what happened to WordPerfect.

            Windows 2000/XP were based on the NT 5 kernel.

            Windows Vista, 7, 8, & 8.1 are the NT 6 kernel. From the timeline Microsoft has published, I expect that Windows 9 (or whatever they call it) will be built on the NT 6 kernel as well.
            M Wagner
          • No

            You have been told this before. The kernel was not, is not, and has never been "totally rewritten."

            Nobody does this, and Microsoft has never claimed they have. They moved a handful of things in and out of kernel mode related to video, and they added a transaction manager.

            This was not, is not now, and has never been a "complete rewrite."
          • MSTrolling

            I like you; you have such an anti-MS thing going I'm beginning to think you might actually be on the MS payroll to make OSS look unprofessional & troll-like in comparison. Really, do you think your comments promote OSS or is there a net loss here? Seems obvious to me which one, and being a big fan of MS tech all I can say is please don't stop :)
          • Intellectual Property Rights ...

            ... is the issue. That's why Microsoft cannot put Windows XP source-code in the public domain.

            Windows Vista, onward, all conform to Windows XP APIs. The only reason people have trouble running pre-2007 code on Windows 7+ is that Windows XP offered backward compatibility - to the point of violating Windows XP APIs.

            Backward compatibility came to an end with Windows Vista. With the retirement of Windows XP, the chickens are coming home to roost.

            Fortunately, those who recognize the importance of keeping hardware and software up-to-date are in good shape. Those who have refused to see the writing on the wall (on that wall since 2007, BTW), are paying a heavy penalty for their stubbornness.
            M Wagner
          • Intellectual Property Rights ...

            o disappoint you but the rest of the world is not in favour of dumping perfectly good hardware to accommodate Microsoft's marketing department. The stubbornness is on the part of Microsoft who treat their customer base as cash cows. If they spent a 10th of the marketing budget on employing mature code writers instead of lazy can't care less individuals, together with some quality control oversight, then they might be able to produce a workable acceptable product prior to release. IE is and has been an unmitigated disaster. Microsoft's OS's are bloatware par excellence. Funny that IBM mainframes operate with an OS of less than 185Mb but it takes upwards of 3 Gbs for an MS OS that really is nothing more than a poorly constructed batch process.
          • Good news! They don't have to.

            "... but the rest of the world is not in favour of dumping perfectly good hardware to accommodate Microsoft's marketing department."

            Windows XP will keep on working. I fail to see a problem.
          • if you keep it firewalled and use non MS apps.

            Like chrome/Firefox Thunderbird etc you don't really have that much of a problem.. Still lots of antivirus apps available for XP.. All of those apps update regularly.. I would have no problem running an XP machine like that.. In fact until someone broke into work last week and stole it. I had a laptop set up exactly like that for testing. If it isn't doing any server stuff and you are not using any Microsoft apps to do internet based stuff.. Where is your exposure? Maybe using ms office will get you stung if you open one from an email.. So open it in Google docs first.. Or office online ... Or libre office etc. Nothing to see here.
          • remember.. it's the ms apps not getting patched.

            The majority of the time it isn't the OS Microsoft would patch.. It's apps running on it. Internet explorer, outlook express etc etc.. If you are going to keep using XP safely you have to swap to non MS apps that will keep getting patched. Bet you any money that Google and Mozilla keep making their products XP friendly to capitalize on Microsoft dropping support for all of its apps on XP to try to force people to update.

            Remember that the IE that is the latest on XP is nothing much like the IE that came with XP... But it won't get any more patches either.. The thing that annoys me is that it wasn't that long ago that Microsoft used XP to trash Linux on netbooks.. Knowing full well they were selling people an OS with a limited shelf life. Because Vista ran on netbooks like old people bonk.
      • Microsoft has never claimed to have rewritten everything

        that mostly comes from some of the non-technical people who post here.

        Microsoft has allowed people under license to see the code, but they haven't published it. And they likely can't - Microsoft uses some licensed technologies which they may be required to keep under wraps.
        • I wish I kept urls for every news article made

          Because there was indeed at least one article that said Vista development was reverted to an earlier checkpoint and altered... regardless, if you think MS never once rewrote anything, as a software company, over the span of (how many decades), then there are a lot more non - technical people...
          • Vista reverted to an earlier timepoint, the story...

            After Windows XP and Server 2003 shipped, Microsoft started working on Windows v.Next (code name Longhorn).

            Full disclosure, I was a full time QA person at Microsoft during that time.

            It was a glorious dream where most of the OS would be written in Managed C++ and C#, and those of us who worked on it spent a few years trying to make sense of what the developers were checking in on a daily basis. The problem is that their mantra of "works on my machine" was the standard by which most of that crap got checked in.

            We would go literally WEEKS without a build that would actually build, let alone install, and when we got one that would install, it wouldn't always boot, and when it would boot, it wouldn't always work.

            There was one period where we went two months without getting something new that we could execute tests upon.

            After nearly three years, they realized that the haphazard checkins had made the project completely unsalvageable so we rolled back to Windows Server 2003 and worked from there. Why Windows Server 2003 you might ask? Because it was more secure than Windows XP and had a more recent code base.

            So code fork became Windows Vista and we had two years to get it OUT THE DOOR because of the demand from OEM and ISV partners.

            Brian Valentine became the sacrificial goat for the Longhorn effort so that Jim Allchin could save face, and BrianV left the company. He is now a happy VP at Amazon.

            Back to Jim Allchin. He pretty much sat back on his throne and made some decisions but mostly all he did was blame others for his own failure as a leader.

            Enter Will Poole from Digital Media Division. Will Poole convinced Jim Allchin that we HAD to support Intel with their 915 chipset in Vista because Intel had so many of them even though they didn't meet the previously published minimum Vista hardware specs. Jim Allchin gave Will Poole the go-ahead.

            The result was the Intel 915 chipset fiasco that created the "Vista Compatible" label where WDDM drivers didn't work and so new computer owners couldn't have the "Glass" experience in Windows Explorer, and so yet another lawsuit was executed against Microsoft for "false advertising".
      • Fortunately, jesse's just making up stuff, as usual

        The sad part is he knows he's spouting BS, but still does it anyhow,

        Funny how Jesse knows what's inside proprietary software when people so many times smarter can't see inside the OS.

        Makes you wonder if he does it because trolling is fun to someone like him, or because he's paid to?
        • Yeah, in his world M$ can do nothing right

          If they didn't patch, he'd complain they were abandoning users. Now that they say they will patch, he complains that they didn't make XP open source.

          And then he complains about them reusing reuse is bad. Whatever.