I have to say that I have a degree of sympathy for M$ in this case. I think a vendor has an obligation to maintain a no-longer-sold OS (or application) for a reasonable period - to use the analogy in the article I believe motor vendors have to maintain spares availabilty for 10 years. However you cannot expect a vendor to continue to support the product indefinitely since it is in no way a cost-free activity. Vendors should be obliged to state a minimum period for which they will support the OS after withdrawal from market. Past that they can offer extended support as a product if they wish.
In this case the waters are muddied by the fact that M$ apparently had a fix which they did not distribute. You can argue that one both ways. The unsafeness of XP was the best incentive for tardy users to upgrade and to launch a fix would encourage them in their behaviour. On the other hand, had they released the fix in a timely manner they would have garnered some much needed kudos as good guys.