@BongoJoe: Contacting them how? Their support policy is pretty clear.
Microsoft will consider hotfixes and Design Change Requests for products within the Mainstream Support phase of their lifecycle, if you raise a case with Product Support Services. That means paying, using a free support incident that came with your product purchase (if bought as a retail product), or through Software Assurance or a Premier Support Plan.
If you obtained the product with your computer (which is how most people get Windows), your first port of call is your OEM - the reduced price of the OEM Windows edition doesn't include support, it's outsourced to the OEM. If you bought an OEM version of Windows on the open market and installed it yourself, congratulations! You don't get any support.
If the product has moved on to the Extended Support phase, which Windows 7 did on 13 January, you need to have bought an Extended Support Hotfix Agreement within the first 90 days after it did so. You can then get hotfixes by contacting support. They won't consider any Design Change Requests, though.
If you contact the product group through blogs, email, connect.microsoft.com or User Voice, they might consider your issue for a fix in the next version of the product. They're unlikely to develop a patch for existing versions unless there is some wider issue that you're highlighting. Generally patches for released versions are developed by the Windows Customer eXperience Engineering team, not the people working on the next release.
If you think it's a security issue, email email@example.com. (firstname.lastname@example.org is *building* security.)
I would expect to see this start to change if Microsoft are really going to treat Windows 10 as an 'evergreen' release in the way that Google Chrome and Mozilla Firefox are 'evergreen' browsers. The way it works now is based on the principles of stability - no changes unless strictly necessary - and that someone has to pay for the fix to be developed. If you're not paying (or haven't pre-paid) they're just not interested.
The support you're not getting for Windows XP is that you're not getting security updates. No-one is checking whether Windows XP is vulnerable to any of the issues that have been reported, and if it is, there is no commitment to developing fixes.