Software // Operating Systems
News
5/1/2014
04:53 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Microsoft: Windows XP Update An 'Exception'

XP users shouldn't expect additional support from Microsoft, despite its heroic last-minute security update for Internet Explorer.

Microsoft Office For iPad: 7 Questions Answered
Microsoft Office For iPad: 7 Questions Answered
(Click image for larger view and slideshow.)

Many Windows XP users are no doubt relieved that Microsoft decided to include Windows XP in a security update for a recently-disclosed bug -- but they shouldn't assume support will continue. Microsoft said XP remains an unsupported product, and that it made an exception to include it in this update only because the issue arose so near the operating system's end-of-life deadline.

Microsoft began deploying the update around 1 p.m. EST on Thursday. Users who have enabled automatic updates shouldn't need to take any action. Otherwise, users can access the update via the Control Panel's Windows Update section. Microsoft rarely releases out-of-cycle updates like this one. Most arrive during the company's monthly Patch Tuesday releases.

[Is XP really at risk? Read Windows XP Security Issues: Fact vs. Fiction.]

After disclosing the bug last weekend, Microsoft suggested a number of workarounds, many of which were inapplicable to XP machines. In a blog post, Microsoft Trustworthy Computing GM Adrienne Hall encouraged XP users to upgrade.

Image: Nick Perla (Flickr)
Image: Nick Perla (Flickr)

She wrote that today's cyberthreats are too sophisticated for an operating system first released over a decade ago. Microsoft officials have repeated this message countless times in recent months, but many users remain unpersuaded; over a quarter of PC users still relied on XP in April, according to web-tracking firm Net Applications.

Attacks against XP are already ongoing, according to FireEye, the security firm that took credit for discovering the vulnerability and gave it its nickname, "Operation Clandestine Fox."

In a Thursday blog post, the firm said it has detected a "version of the attack that specifically targets out-of-life Windows XP machines running IE 8." FireEye said earlier attacks involved only IE 9, 10, and 11 on Windows 7 and 8. The bug affects all versions of IE from 6 to 11. The firm warned that the new method that involves XP "means the risk factors of this vulnerability are now even higher."

FireEye said it initially observed attacks against the defense and financial sectors but has since detected campaigns against government and energy institutions as well.

Microsoft will host a webcast Friday at 2:00 p.m. EST to discuss the security update in greater detail.

Could the growing movement toward open-source hardware rewrite the rules for computer and networking hardware the way Linux, Apache, and Android have for software? Also in the Open Source Hardware issue of InformationWeek: Mark Hurd explains his "once-in-a-career opportunity" at Oracle.

Michael Endler joined InformationWeek as an associate editor in 2012. He previously worked in talent representation in the entertainment industry, as a freelance copywriter and photojournalist, and as a teacher. Michael earned a BA in English from Stanford University in 2005 ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Banacek
100%
0%
Banacek,
User Rank: Apprentice
5/2/2014 | 12:40:40 PM
Re: Remind me again why Internet Explorer, itself, has anything to do with the Windows XP OS?
"No browser, not Chrome, not Firefox, not Opera, not Safari, etc., is considered part of the operating system."

Well, there you are wrong. As any knowledgable OS X user will tell you, Safari is a part of the OS. It comes with the OS. You can't really remove it. You can 'not use' it, but you could just as easily not use IE.

But, more importantly, Safari's engine, WebKit, IS a part of the OS, just like IE's engine is a part of Windows. It is used in many applications, and most people have no clue it is. For example, it's used to display mail content. And it is just as bad in OS X as it is in Windows. Because updating the browser to a new version (say go from Safari 4 to Safari 5) updates the OK because it updates Webkit (even though it doesn't have to, but Apple's people are too lazy to do it right). Which means, updating the browser literally can affect how your mail program views messages!

Oh, and you can get rid of IE from windows, big deal (sure, MS didn't want to because they wanted the market share for some reason). But you can't get rid of the engine without breaking a LOT of code.
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
5/2/2014 | 9:17:55 AM
Re: Remind me again why Internet Explorer, itself, has anything to do with the Windows XP OS?
On the note of dual booting and running a *nix distribution, I would like to see numbers on how many Linux or BSD users are on a 15 year old release.  The same goes for OSX, how many users are sitting on a decade old version?  Why is it that Windows users will sit on an OS version seemingly forever?  Is it the cost of an OS upgrade?  Is it that things tend to break during upgrades?  How can Microsoft get the average Windows user to upgrade at the same pace that the average OSX or *nix user upgrades? 
Banickoss
100%
0%
Banickoss,
User Rank: Strategist
5/1/2014 | 7:12:39 PM
Remind me again why Internet Explorer, itself, has anything to do with the Windows XP OS?
As we all know from our experience where Microsoft Marketing faked the courtroom proceedings, Internet Explorer has nothing, per se, to do with Windows XP. No browser, not Chrome, not Firefox, not Opera, not Safari, etc., is considered part of the operating system.

So, given that IE itself is simply an application, why wouldn't Microsoft patch a buggy application which is used by millions of its customers? The answer provided by Microsoft (that it's associated with the operating system) just doesn't hold water. As a professional in the software industry, I can symphathize with Microsoft's dilemma that Windows 7 & 8 don't offer enough value to entice half its users to switch, but, that's a different problem altogether than whether or not a browser application, which has nothing to do with the operating system, is to be patched.


Luckily, the advice stands to simply use Chrome or Firefox, and to dual boot Windows XP to Linux (typically Ubuntu), which, in and of itself, solves both problems immediately.
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Author
5/1/2014 | 7:05:30 PM
A good reason to fix this bug...
The statement that this XP bug was fixed isn't really logical. It says the fix was authorized because the bug occurred so near the end of XP's life. Well, an end of life deadline is just that, unless there's a good reason not to follow through. In this case, as in the next one, the reason to fix a bug is because so many people are still using the operating system. 
<<   <   Page 2 / 2
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.