
Saturday, May 3, 2014

Microsoft patches IE bug in Windows XP, but it’s a huge mistake

Microsoft, after officially retiring Windows XP back in April, has decided in its infinite wisdom to issue a patch for the Internet Explorer zero-day vulnerability that affected all versions of IE across Windows XP, Vista, 7, and 8. While this might seem like the right thing to do, it’s actually a huge mistake that undercuts Microsoft’s efforts to get the hundreds of millions of Windows XP holdouts to upgrade. After all, if Microsoft fixed this bug in Windows XP, who’s to say it won’t do it again? IT admins, faced with the harsh reality of finally having to upgrade to a modern operating system, will sleep well tonight knowing that Microsoft is a pushover and will continue to support XP while it has a significant number of users. The status quo is preserved.

The current zero-day vulnerability, which affects IE6 through 11, across all versions of Windows, was confirmed by Microsoft on April 27. Microsoft acknowledged its existence after security firm FireEye reported on April 26 that the vulnerability was being actively used to attack “financial and defense” targets. At the time, I thought this would be the perfect stick to get people to finally upgrade from Windows XP (IE6 through 8, along with Windows XP, are no longer supported). Large institutions and corporations especially cannot keep running Windows XP if there’s a massive hole that can be readily exploited. The bug was so serious that even the US and UK governments were telling people to stop using IE until a patch was issued (which, in the case of Windows XP, should’ve been never).

RIP Windows XP (gravestone with BSOD)

But alas, instead of growing some balls and riding out the zero-day wave, Microsoft caved and issued a fix for Windows XP. Microsoft says that the reason for the patch is due to its “proximity to the end of support for Windows XP.” Fair enough you might think, but really, when it comes down to it, what constitutes “proximity”? If a similar zero-day vulnerability is discovered a week from now, will Microsoft fix it? How about a month from now? Or a year?

That’s really the problem here: It sets an awful precedent. Yes, tardy governments and IT administrators can breathe a little easier for a little bit longer, and yes, your mom and dad are yet again safe to use their old Windows XP beige box. But to what end? It’s just delaying the inevitable.

Microsoft cannot feasibly continue to support Windows XP indefinitely — and yet with this sycophantic fawning to popular and journalistic pressure, Microsoft opens itself up to the terrifying reality of supporting XP for years to come while it still has a critical mass of users. It also has a knock-on effect for the web, with many organizations spending resources to support Internet Explorer 8, rather than forging ahead with standards-compliant HTML5 websites. (Read: With the death of Windows XP, now is the perfect time to switch to Linux.)

So, hooray: You’re safe to use Windows XP again! Until the next bug is found, anyway — and there will be more vulnerabilities in Windows XP, I assure you. And then we’ll go through this circus again, and governments will decry Internet Explorer, and MS will patch the hole. The wheel of time turns.

Source : extremetech