Microsoft on Thursday released an out of band security update to fix the Internet Explorer security vulnerability it disclosed this past weekend. The firm had suggested it might fix the issue outside of its normal monthly security update schedule, but there was one surprise: Despite the fact that Microsoft stopped supporting Windows XP last month, it has elected to fix this issue on XP too.
"Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP (including embedded), today," Microsoft Trustworthy Computing general manager Adrienne Hall said in a prepared statement. "We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don't take these reports seriously. We absolutely do."
Microsoft is careful to present this flip-flop as a one-time exception, but it's reasonable to wonder if the company will similarly fix future issues if they're serious enough. Certainly, many had speculated that it would. But Hall says that won't happen. Instead, the decision to fix this issue on XP was driven by press-driven hype and the closeness of the exploit to XP's expiration.
"We're proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade," she explains. "Our modern operating systems provide more safety and security than ever before. The latest version of Internet Explorer has increased support for modern web standards, better performance, and expanded the ability to deliver an immersive experience from within the browser. In other words, cool stuff that you need even if you didn’t know you need it."