Microsoft: You know we said NO MORE XP PATCHES? Well ...

Microsoft has released patches for the latest critical security vulnerability plaguing Internet Explorer, including for Windows XP – despite months of claiming that it would never release another patch for the outdated OS past April 8 of this year. According to a blog post by Microsoft's general manager of Trustworthy …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Well ...

    Technically it's a patch for IE... so not specifically for XP...

    (and since it's the best kind of correct...)

    1. poopypants

      Re: Well ...

      Yes, but weren't Microsoft fond of claiming that IE was heavily integrated into the OS and could not be separated?

      "Microsoft has held that this is not meaningful; that in Windows 98 and newer versions, "Internet Explorer" is not a separate piece of software but simply a brand name for the web browsing and HTML rendering capacities of the Windows operating system. In this view, the result of removing IE is simply a damaged Windows system; to have a working system without IE one must replace Windows entirely."

      - from http://en.wikipedia.org/wiki/Removal_of_Internet_Explorer

      1. Number6
        Linux

        Re: Well ...

        to have a working system without IE one must replace Windows entirely.

        That's exactly what I've got. I removed IE from the system and replaced Windows entirely.

        1. Fatman

          Re: Well ...

          That's exactly what I've got. I removed IE from the system and replaced Windows entirely.

          Me too, back in 2007 with Ubuntu.

      2. gotes

        Re: Well ...

        @poopypants, I think that quote is pretty much right, that whole antitrust debacle was around Windows 98 (or maybe an update to Win95)? Internet Explorer hasn't been "tightly integrated" for quite some time, though it's somewhat easier to just not use it rather than remove it. I imagine you'd get worse results removing Safari from iOS, though I expect that's not an easy task.

        1. gotes

          Re: Well ...

          Just an off-topic anecdote here, but I started using IE over Netscape Communicator (nee Navigator) around 1996/97 because Netscape became so bloated that when loaded into my 4MB of RAM the system ground to a halt. I already had e-mail and Usenet clients that I was happy with and I just wanted a web browser that didn't take three minutes to load.

          These days I tend to use whichever browser works best for the purpose I want to use it for, which is very rarely IE. Generally I end up being forced to use it because some web app requires NTLM authentication, or because I have to view some non-standard "html" generated from a Microsoft application.

    2. big_D Silver badge

      Re: Well ...

      But none of the versions of IE available on XP are supported either...

      This is a goodwill gesture.

      1. Dan 55 Silver badge

        Re: Well ...

        So in a couple of weeks' time, when the next zero-day comes out, they're going to get hung with their own rope and the logic will apparently be that four weeks past EOL date deserves a goodwill patch for XP but six weeks is far too long. Or perhaps CERT, UK CERT, and so on just need to raise a stink every time it happens and Microsoft will cave in and push out another patch.

    3. Anonymous Coward

      Re: Well ...

      Well at least IE has far fewer holes than Firefox or Chrome.

      http://secunia.com/vulnerability-review/browser_security.html

    4. The First Dave

      Re: Well ...

      The thing that I never understood, was how MS were going to provide their "Premium Support for a Year" for those big organisations that cared to pay for it?

      Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing.

      1. Woodgar

        Re: Well ...

        "Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing."

        Actually, it sort of does.

        If everyone sees that a patch will be released even for those not paying for support, then what's the point in paying for support? Why pay to have the patch when you can just mooch off the freebies?

        Of course, if everyone stopped paying, then there would be no patches, but that's a different issue.

      2. Anonymous Coward

        Re: Well ...

        "Surely these big corporates expect to get IE / XP patched (whichever one it is) so that means the patch still needs to be written, and therefore releasing it to all and sundry costs MS precisely nothing."

        To get any kind of fix, security (GDR) or non-security (LDR), for a product past its extended support date requires a Custom Support Agreement (CSA), and Extended Hotfix Agreement (EHA) and a payment per fix request.

        After having the 2 contracts in place and paying for the bug to be filed, there is still no guarantee it will result in a hotfix.

        Even if a hotfix is created, if another customer requests the same thing then they have a CSA & EHA and pay too.

  2. Decade
    Unhappy

    Stick to your guns: Stop supporting XP

    I'm very disappointed in Microsoft. First caving on MSE updates, and now caving on this Internet Explorer update. XP belongs in a museum, not on a PC with users that goes online.

    1. Primus Secundus Tertius

      Re: Stick to your guns: Stop supporting XP

      Yes, Microsoft still make available updates for MSE/XP. But they leave the MSE icon at a warning red even if it is up to date, and MSE puts up a nag message at every restart.

      So Microsoft are being stroppy, and any spirited customer will be more determined to tough it out. We never had nonsense like this when earlier Windows versions were pensioned off. Let me remind Microsoft of the old fable about the competition between the wind and the sun to see who could make the traveller take off his coat.

      1. Anonymous Coward
        Pirate

        Re: Stick to your guns: Stop supporting XP

        So incensed was I about this that I decided I simply had to upgrade my XP machines to Win7 Ultimate X64.

        So, after reflashing the BIOS on the motherboards with modded ones that contain SLIC2.1, I was easily able to upgrade them to Win7 X64 Ultimate for free!!!!

        Thanks MS... You just saved me a fortune...Cost you 4 copies of Win7.

        ALL you had to do was keep releasing MSE updates for XP and not piss us off with your "scary" pop up messages.

        Might want to think about your legacy customers a bit more in the future...

        1. Anonymous Coward

          Re: Stick to your guns: Stop supporting XP

          "So, after reflashing the BIOS on the motherboards with modded ones that contain SLIC2.1, I was easily able to upgrade them to Win7 X64 Ultimate for free!!!!

          Thanks MS... You just saved me a fortune...Cost you 4 copies of Win7."

          That didn't actually directly cost Microsoft anything. And remember the first time you launched IE and it went to the Microsoft portal? They made advertising money out of that...

      2. Anonymous Coward

        Re: Stick to your guns: Stop supporting XP

        The Nag message may be turned off with about 3 clicks! (Delete the scheduled task)

      3. James Pickett

        Re: Stick to your guns: Stop supporting XP

        "they leave the MSE icon at a warning red even if it is up to date"

        I thought so, too, but my son's XP machine (which spends most of its time connected to Steam) has MSE and it is currently showing a green icon with tick, and says it's up-to-date and protected. I've no idea why, unless MS got tired of nagging everyone.

        Have just read Mister Bee's message, so will try that the next time I get an opportunity - perhaps the Boy knows more than I thought!

      4. Test Man

        Re: Stick to your guns: Stop supporting XP

        MSE is a product and not to do with XP at all. That can and will follow a totally different support schedule to XP, or it could coincidentally follow the same schedule as XP (as IE did).

        It isn't doing the latter, so get over it.

        1. Pookietoo

          Re: It isn't doing the latter, so get over it.

          That's odd, because I just installed it and it calls itself

          Security Update for Internet Explorer 8 for Windows XP (KB2964358)

          which looks rather like support for Windows XP to me.

          In fact if you look at the Microsoft Security Bulletin Summary they still seem to be supporting Internet Explorer 6, and we know how much they like that.

      5. Anonymous Coward

        MSE nag screen

        Simple. Zap MSE, replace with another AV. Problem gone.

    2. Shannon Jacobs
      Holmes

      The gun is pointing at your head

      Kind of a shame that Microsoft can't sell products on their actual merits, eh? At this point, I have accumulated several years of post-XP experience, and I cannot give a single positive reason to upgrade beyond XP. Ditto Word, Excel, and recent versions of other Microsoft Office components.

      I think there are two aspects of Microsoft's business model that explain this: (1) It isn't their fault and no matter what happens to you because of Microsoft's incompetence or negligence, you can't sue them. Check your EULA if you think otherwise, but I bet you can't even read it with understanding. (2) They don't sell to you anyway. Their products are 'sold' to the manufacturers and rammed down your throat. This is NOT a case of a good idea that isn't worth stealing. It's mostly a natural result of that assuming all their potential end-user customers are thieves.

      Me? I prefer personal responsibility (NOT (1)) and I resent being called a thief (NOT (2)) and I even want good software (NOT Microsoft).

      Personal disclaimer time? I think the aspect that most pisses me off about this is that I fixed an old machine that still runs XP. The repair was expensive, and upgrading on a Windows path isn't even possible, but a big FY is the norm of my dealings with the big MS.

      1. Anonymous Coward

        Re: The gun is pointing at your head

        "At this point, I have accumulated several years of post-XP experience, and I cannot give a single positive reason to upgrade beyond XP. Ditto Word, Excel, and recent versions of other Microsoft Office components."

        Presumably because you are too stupid to use a computer and use the CDs as door stops. There are thousands of reasons to move to newer versions - better security, performance, stability and many useful new features would be high on the list. Regardless of what you think of Microsoft or its products, claiming that sticking with XP as opposed to newer versions of Microsoft products is a good idea is ignorance of the highest order.

    3. big_D Silver badge

      Re: Stick to your guns: Stop supporting XP

      Stick and carrot

      Your OS is no longer supported, unless you slip us a couple of million.

      Look at the new shiny shiny and it has free support.

  3. This post has been deleted by its author

  4. Nathan 13

    Good decision

    Microsoft need to do "good deeds" like this on a more regular basis. They might actually gain support rather than lose it in droves recently :)

    1. Anonymous Coward

      Re: Good decision

      I doubt it, no good deed goes unpunished.

  5. Bob Vistakin
    Facepalm

    Microsoft: The comedy gift

    That just keeps on giving.

  6. Erik4872

    Oracle did this with JRE 6 for a while.

    When JRE 6 went end of support last year, Oracle released a few more security patches for the more serious bugs. They eventually stopped, as I'm sure Microsoft will, but just like XP there's a huge installed base. And in the case of JRE, some crappy web applications limit a company's ability to upgrade the Java that's providing the browser plugins for fear of breaking said crappy applications.

    If they keep going with this, the people who bought custom support agreements at full price are going to start getting very upset...

    1. Anonymous Coward

      Re: Oracle did this with JRE 6 for a while.

      When JRE 6 went end of support last year, Oracle released a few more security patches for the more serious bugs. They eventually stopped,

      You'd like to think so wouldn't you. We're currently up to JRE 6 update 75 and counting, as of a couple of weeks ago, and still going strong until June 2017 apparently.

      1. Erik4872

        Re: Oracle did this with JRE 6 for a while.

        True -- if you're a paying customer who bought a support agreement. My Oracle Support has the non-free JRE 6 patches, but the last public one was 45. So it's true that they haven't stopped -- they just stopped giving them away for free.

  7. Anonymous Coward

    General manager of Trustworthy Computing... what a job title!

  8. Herby

    Windows XP ...

    The gift that keeps on giving, and giving, and giving some more.

    Funny how that happens when you don't have new products (that are worth anything) for 10 years.

    God forbid if vehicles were like operating systems. We would be in a bunch of hurt (money wise). Me? I still have to get a 2009 recall done on my 2002 vehicle.

  9. Shane Sturrock

    MS created this situation

    MS actively tied features into XP and IE to allow them to lock users onto their platform at the time. Unfortunately, a lot of developers went along with this and built tools and websites around IE6 and were so tied to it that they couldn't work on even later versions of IE which is why there are still IE6 users out there. This quackery hackery of theirs also made it exceedingly difficult to get off XP in the future and now we're seeing the results. All that money put into technologies that would only work on XP forced the OS to stay around for as long as it has and then stinkers like Vista, Vista again but with the rough edges knocked off (7) and now 8 (just no, really, no) why should anyone be surprised that XP still holds 30% of the Windows market?

    Will the customers learn from this and avoid this sort of lockin in future? I don't know. The proliferation of other platforms may prevent it because creating an environment around a single browser version isn't practical today so I'm hopeful at least.

    For now though, MS should be made to support XP because they can't claim they didn't make this problem in the first place. I don't care that it is old, it still works for a lot of people.

  10. Charlie Clark Silver badge

    Luckily unaffected

    I've just stuck Windows 7 on a friend's machine because we both decided that Windows 8 was undesirable but she felt (understandably) queasy about sticking with Windows XP. Good news is that because there is no hardware acceleration for the shitty SiS graphics, IE is borked! :-)

    Had a go installing Kubuntu on a second partition but it, too, seemed to struggle with the graphics. Might have another with that or Mint or PC-BSD tomorrow.

    1. Wensleydale Cheese

      Are SIS still around?

      Bad memories of SIS onboard graphics from many years ago. I resolved it by buying a fairly cheap but current graphics card.

      FWIW Mint in any incarnation since 10 wasn't happy with the onboard graphics on my 2010 Win7 box. Scientific Linux, Fedora and openSUSE both worked fine on it when I tried those.

      1. Charlie Clark Silver badge

        Re: Are SIS still around?

        Leaving it as is for the moment. 1280 x something even if some text looks a bit weird. See how it goes. Had to fork out € 80 for 2GB DDR-1 RAM but still the cheapest option so far. My local Chinese dealer says he's got newish notebooks complete with Windows 7 for € 150 but we hope the system stays up for another couple of years. I suspect it's unlikely but if my experience is replicated in any scale, then OEMs will be trying to renegotiate licence terms with Microsoft. You can still get Win 7 on "professional" notebooks, whatever the definition of "professional" is.

    2. IT Drone

      Re: Luckily unaffected

      @Charlie Clark - try Puppy Linux?

      Microsoft were "warning users that if they don’t upgrade soon, hackers will lie in wait each new Patch Tuesday to reverse-engineer a full set of new vulnerabilities."

      @Microsoft - when making a "what-a-caring-company" gesture that also FUDs users into moving off XP perhaps it would be best not to pick one of your many zero day vulnerabilities that highlights the crappy security in all of your operating systems and software...

    3. Anonymous Coward

      Re: Luckily unaffected

      Shitty SIS GFX.

      +1

      The number of systems that I have had to "fix" due to that dog egg of silicon is not funny...

      1. Fatman

        Re: Luckily unaffected

        The number of systems that i have had to "fix" due to that piece of dog egg of shit silicon is not funny...

        FTFY!!!

  11. Anonymous Coward

    People are still paying for patches on custom support agreements, so it's not like dev work is not going on to fix identified vulnerabilities, they are just not generally available to the public.

    Which is a tad frustrating as HM Govt has paid MS for patches for HMRC, as a tax payer, I'd want those patches to be made available to UK XP Users too using Geo-IP location in Windows Update.

    1. Anonymous Coward

      "Which is a tad frustrating as HM Govt has paid MS for patches for HMRC, as a tax payer, I'd want those patches to be made available to UK XP Users too using Geo-IP location in Windows Update."

      I'm sure if you are an XP user that you would want that, but they only paid for custom support for HMRC - not for the whole country!

  12. Salts

    This of Course has...

    Nothing to do with governments advising people not to use IE until this bug is fixed, all those XP people getting used to another browser before they upgrade to a new version of windows, is of no interest to MS.

    1. Bob Vistakin
      Holmes

      Re: This of Course has...

      IE can be used for something other than downloading Chrome?

      1. Roland6 Silver badge
        Happy

        Re: This of Course has...

        >IE can be used for something other than downloading Chrome?

        What, you never used Windows Update! The primary reason for keeping IE on Windows...

      2. Anonymous Coward

        Re: This of Course has...

        "IE can be used for something other than downloading Chrome?"

        Yep - there is plenty more insecure spyware like Chrome out there to download if you really want to....

        1. Uncle Siggy

          Re: This of Course has...

          IE of any version has this feature at its core. Anon, I got a good laugh at your remarks. Very good indeed.

      3. phuzz Silver badge

        Re: This of Course has...

        You can use IE to download Ninite and install Chrome, and Firefox and everything else from one installer.

        Seriously, Ninite has saved me so much time when installing a new computer. (not as much as WDS, but it doesn't require weeks of setup)

  13. Henry Wertz 1 Gold badge

    Maybe for IE?

    I'm wondering if maybe they will release the IE patches (that are common to IE on XP and Vista/7) but just not work on any others?

    1. Test Man

      Re: Maybe for IE?

      That's exactly what is happening. They aren't going to release any more patches for XP - but this one was specifically for IE and totally at their discretion - don't expect to see specific XP patches (for free, that is).

  14. Number6

    Microsoft Time

    Anyone who's ever watched Windows downloading a large file will be fully aware that Microsoft can reverse the flow of time and so probably did release the patch before 8th April.

  15. Anonymous Coward

    Nice to see the £millions of public money that government departments have spent on extended-extended support wasn't needed after all...

    A great company to deal with.

    1. Test Man

      WRONG. That would only be right if that millions paid covered that one patch for that one specific product which happened to be the patch that was released.

      Clearly it isn't, and clearly there's a ton of patches for XP that are and will be continually created specifically for the people who paid for it.

      This specific patch is just one that was freely released at Microsoft's discretion - the rest (of which there will be many for XP this month) won't be.

  16. Piro Silver badge

    Poor decision

    Because it represents a total rip-off for the people who paid for extended support, such as our own government.

    If they keep doing this, those organisations will be wondering why they spent any money in the first place, and should be battering down Microsoft's door for their cash.

    It's also a poor decision because it will keep people thinking that XP will get important patches anyway. Complacency needs to end.

    1. Test Man

      Re: Poor decision

      Nope. It was one patch to address one specific problem in a specific product (IE) that coincidentally ended its free support a few weeks ago. It's hardly a rip-off because there'll be a ton of security updates for XP from now till (potentially according to the paid-for contracts) next year, just only for the people who paid for it.

      So calm down.

  17. Sangriel

    I don't understand how software companies get away with releasing software that is full of security holes, not just one or two vulnerabilities but hundreds. What a sad joke it is that people pay good money for what is essentially partially functioning garbage.

    1. Brewster's Angle Grinder Silver badge

      We call it market economics: if one product is full of holes, buy another. (And we're talking about IE here, so there is plenty of competition.) But developers have discovered that the crowds, in their wisdom, want cheap software with lots of new features.

      1. Fatman

        @brewster's angle grinder

        But developers have discovered that the crowds, in their wisdom, manglement exuding its sheer stupidity want cheap software with lots of new features, as opposed to software that is free of bugs.

        There!!!

        FTFY

        Manglement: The bane of IT existence worldwide.

    2. Anonymous Coward

      "I don't understand how software companies get away with releasing software that is full of security holes, not just one or two vulnerabilities but hundreds. What a sad joke it is that people pay good money for what is essentially partially functioning garbage."

      Yep - modern software often really sucks. For instance Linux has had over 900 security vulnerabilities in the kernel alone, OS-X is on over 2,000 and SUSE 10 is on over 4,000!

      For comparison, Windows XP is approaching 700 known vulnerabilities.

      1. Anonymous Coward

        Quotation needed

        I happen to be familiar with Linux, and 900 security vulnerabilities seems to me a bit off the mark. Care to link to your sources?

        Nah, I think that you're exposing your ignorance here. SUSE 10 may have or have not 4000 vulnerabilities, but if the kernel had 900, and SUSE is using the same kernel, you're saying that the whole lot of software shipped with SUSE 10 had what, 3100 vulnerabilities?

        Go scare somewhere else.

  18. Anonymous Coward

    "In extreme circumstances...

    the assailants can be stopped by removing the head or destroying the brain... I will repeat that: by removing the head or destroying the brain"

  19. tony2heads
    Linux

    XP

    Surely the old yeller of operating systems.

    Surely Microsoft should get the rifle out for it now

    1. hplasm
      Happy

      Re: XP

      WINDOWS

      Surely the old yeller of operating systems.

      Surely Microsoft should get the rifle out for it now

      FTFY

  20. Stevie

    Bah!

    One morning in a galaxy far, far away:

    "Yes, let us abandon the most popular desktop OS we've ever sold in such a way as to leave us open to stories forevermore on how we walked away from a trainwreck in the interest of sales.

    Wait, wouldn't that get us seen in a bad light by the only people who don't hate us now? I mean seriously, have you used windows 8? What a big pile of stinking OH HELLO BOSS. What's that? New policy? I'll get right on it!"

  21. Zog_but_not_the_first
    Windows

    Upgrades? Pah!

    {grumble}. I suppose I shall have to fork out for a 486 next.

  22. Matt Collins

    Environmental Impact

    So 30% of all Windows desktops run XP according to my reading of the posts here. These machines work perfectly well and/or the software/OS/browser is locked in - which is why they are still in use - but we are supposed to just dump them? It's insane.

    Imagine if car manufacturers behaved this way. Oh, sorry sir we can't be arsed to make the parts for your model any more, even though 30% of our customers drive them. Go and sling it in the dump and then have a look around the showroom.

    I've got my popcorn ready for the MASSIVE botnet offensive that Microsoft will create. It will cause misery for everyone who upgraded as well as those that didn't.

  23. david 12 Silver badge

    Win2K

    When I installed Office on Win2K I got current updates for Office, despite the fact that Win2K wasn't just un-supported -- it was kinda "withdrawn" because of the Java settlement.
