Windows XP: Microsoft can't wash its hands of the security problem so easily

Microsoft might want to draw a line under Windows XP; hackers and users will be reluctant to let it off the hook.
Written by Steve Ranger, Global News Director

Late last week, Microsoft published an unexpected security update for a flaw in its Internet Explorer browser. Even more unexpected, the patch also covered Windows XP, which Microsoft officially stopped supporting back in early April

Microsoft explained the change of heart by saying it had provided the security update "based on the proximity to the end of support for Windows XP".

For those companies scrambling to rid themselves of the last of Windows XP, this additional security update gives them a bit of extra security while they rush to complete their projects, and as such, Microsoft's gesture should be praised as decent and generous.

And perhaps Microsoft had always planned a one last extra XP security update, if only to remind those still clinging to the venerable operating system of just what they would be missing when support disappeared forever.

But it's a move that has also infuriated and confused some — the IT managers who have been pushing their bosses to find money for a Windows upgrade based on the end of security support might feel a little silly now, for example. More of a problem is that it also gives hope to those that haven't upgraded — they will now be thinking that next time there is a big security problem, Microsoft will still be there to save them.

And the problem for Microsoft is that there are still an awful lot of people out there on XP. Windows XP users are hardly cutting edge, but they're certainly tenacious.

According to NetMarketShare research, XP still accounts for 26 percent of the PCs connecting to the internet, a number that is down a mere two percentage points from March, suggesting there was little in the way of last-minute switching away from XP before Microsoft finally pulled the plug on support. Windows 7 still has almost half — 49 percent — of the market, while Windows 8 and 8.1 have grabbed just 12 percent combined. 

So despite warnings from Microsoft — for years — that XP support would finally be ending, a quarter of PCs on the web are still running an antique and out of support operating system. It's an unparalleled situation in IT security.

There will inevitably be more serious security flaws that will affect Windows XP. Already, security company FireEye is warning of exploits using the latest IE flaw that deliberately target Windows XP. And one in four PCs running an operating system without any new security updates is a hacker's dream.

There will continue to be pressure on Microsoft to provide fixes for every major new security flaw, and now the company has done it once, there will be calls to do it again (a situation further complicated by the fact Microsoft is still supporting a number of organisations on XP through its extended support programme). What happens at the next Microsoft Patch Tuesday will be interesting, shedding more light on whether Microsoft will continue to help out XP users in the long term.

There's no easy answer here. Microsoft has every right to end support; Vista, Windows 7 and Windows 8 have all been built since Windows XP, yet it has only just wound down support for the antique OS. Twelve-and-a-half years of support is a long time even in the world of enterprise software. But that doesn't mean that Microsoft will be able to rid itself of the XP security headache very easily.

ZDNet's Monday Morning Opener is our opening salvo for the week in tech. As a global site, this editorial publishes on Monday at 8am AEST in Sydney, Australia, which is 6pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and the US.

Previously on Monday Morning Opener


Editorial standards