Microsoft Patches Bug in Windows XP, But It’s a Temporary Fix
Over the past few months, Microsoft (NASDAQ:MSFT) made a big deal about ending support for Windows XP. To warn customers that it would no longer release critical updates for the thirteen-year-old operating system come April 8, it released multiple announcements and even had a countdown website. We’re not even a a month into the shutdown, and Microsoft has already relapsed and issued a bug fix.
That’s because a major vulnerability was found in almost all versions of its Internet Explorer web browser. It was so bad that the Department of Homeland Security advised people to switch browsers until the bug was squashed. Microsoft released the update Thursday and surprised many people by including an update for Windows XP as part of the rollout.
According to Adrienne Hall, a general manager of Microsoft’s Trustworthy Computing division, the company decided to patch the security flaw for Windows XP users because it occurred so close to the cut-off date.
She wrote in a blog post, “Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade. This is why we’ve been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1.”
Trey Ford, a strategist with Rapid7, a computer security firm, told USA Today, “Major vendors like Microsoft, Oracle, Adobe and others have highly structured software-testing workflows that are expensive in terms of time and resources. To interrupt a scheduled development cycle for an emergency patch, or ‘out of band’ release, is a noteworthy event, where a vendor is placing the public good ahead of their development and delivery life cycle.”
There’s the rub. While it was benevolent of Microsoft to make this exception, it’s just a temporary bandage for the real problem, which is that a huge number of people still rely on the obsolete operating system, including some people with very important jobs.
According to The Washington Post, Windows XP is still in use by some departments of the British, Dutch, and U.S. governments. As of January of this year, an estimated 95 percent of ATMs still count on the operating system to withdraw cash from your bank account. And according to StatCounter, some 44 percent of desktop, tablet, and console users in China run XP. Not to mention all the average Joes in the rest of the world who haven’t upgraded their computers in a decade.
The good news is that the big governments that are affected are all paying Microsoft for an extra year of support while they upgrade their systems to Windows 7 or above. On the other hand, many of the at-risk ATMs probably won’t be fixed any time soon, especially if they’re not connected to a network that can deliver updates remotely.
Microsoft may have made an exception by fixing the bug this time for Windows XP users, but they probably won’t do it again. When the next major security flaw comes to light, lots of people will remain vulnerable — unless they do what needs to be done and make the upgrade.