With a high-profile bug leaving Microsoft’s Internet Explorer vulnerable to attack, and about 25 percent of the world still running Windows XP, should Microsoft release a patch for XP users, making an exception to its decision to end support for the aging operating system?
That’s the question as the company scrambles to address the bug, which is severe enough to prompt the U.S. Computer Emergency Readiness Team to advise users to seriously consider using alternative browsers.
According to Microsoft’s security advisory, the flaw affects everything from Internet Explorer 6 up to the most recent version of Internet Explorer 11, although security research firm FireEye, which discovered the vulnerability, says hackers are primarily targeting IE 9 through 11.
Microsoft is working on a patch for its supported versions of Windows, but that doesn’t include Windows XP.
“Extended Support for Windows XP ended on April 8, 2014. Microsoft no longer provides security updates for this operating system,” a spokesperson said in an email. “Our advice to customers is to migrate to a modern OS, like Windows 7 or Windows 8.1.”
In a commentary overnight, Mashable’s Lance Ulanoff called on Microsoft CEO Satya Nadella to reverse course with “One Last Patch” for Windows XP. Such a move would make Nadella “the temporary hero of millions of hapless Windows XP users,” and if presented in the right way, would underscore the security risks associated with remaining on Windows XP, Ulanoff contends.
However, given that the vulnerability is primarily being exploited on new Windows machines, the risk for Microsoft is that Windows XP users could seize the opportunity to move to Macs or Chromebooks instead.