Microsoft seeds doubt by erasing XP line in the sand

Microsoft seeds doubt by erasing XP line in the sand

Move may end up encouraging some customers to stick with XP even longer

Microsoft's decision to erase its support line in the sand has sowed confusion and will likely encourage bad behavior by some customers, analysts said today.

"If next month someone finds another zero-day like this one, Microsoft could just move the line again," said John Pescatore, director of emerging security trends at the SANS Institute, a security training organization.

"In a way, this encourages bad behavior. There's a risk that people will look at it that way," said Michael Silver, an analyst with Gartner, referring to those who will now question Microsoft's determination to end XP support, and thus slow or even suspend their migrations to newer editions of Windows.

The experts were talking about Microsoft's move on May 1 to issue fixes for a critical vulnerability in Internet Explorer (IE) that had been disclosed the week before and used by cyber criminals for an unknown length of time before that to hijack Windows PCs. Patching the bug was not unusual; what was out of the ordinary was Microsoft's decision to push the fix to Windows XP machines.

Previously, Microsoft had set the end of support for Windows XP as April 8, a date it had broadcast for years. When Microsoft software reaches its support retirement date, it's company policy to discontinue public patching.

Just weeks after the deadline, Microsoft essentially said, "Never mind," and patched the IE vulnerability on Windows XP. What had been certain -- the support line in the sand -- became irresolute.

Microsoft defended the decision, saying it had bent to what it called "overblown" media coverage and explaining that it did so only because XP had only recently been retired.

"I don't think the coverage was overblown," said Pescatore.

Wes Miller, an analyst with Directions on Microsoft, agreed. "It was a very bad vulnerability," he pointed out.

Even so, the analysts were surprised at the release of a fix for XP, not only because of the line Microsoft had so firmly drawn but because of the ramifications of erasing that line.

The precedent was what concerned the experts. "Absolutely, the precedent matters to Microsoft," said Miller. "It's not a question of if, but when, this issue will come up again. Until key organizations are off of XP, every major vulnerability becomes a major opportunity for exploitation."

Some customers still running Windows XP may view Microsoft's patching decision as a pass to continue running the 13-year-old operating system which, as Microsoft has repeatedly hammered home, lacks many of the advanced security and anti-exploit features and technologies in newer editions, including Windows 7 and Windows 8.1.

Even further in the future, customers running Windows 7 may recall this XP patch and conclude that Microsoft is not serious about retiring that OS when its January 2020 support deadline nears.

"There is now a difference between what Microsoft thinks they mean and what [customers] think they mean," said Miller. "Everyone is playing chicken. Which means [years from now] people may say, 'I can keep running Windows 7.'"

Microsoft was in a "lose-lose" situation with XP, according to Silver, because of the operating system's large user base. At the end of April, XP powered about 26% of the world's personal computers, analytics company Net Applications revealed last week.

Although Microsoft didn't mention XP's stubborn resistance to retirement, and the vast numbers of PCs that still run the OS, the decision was clearly based on its continued prominence. Which makes one wonder, analysts said, what Microsoft may do in the weeks and months to come.

"I think Microsoft thought hard about this one. But if the same thing happened in a year, you wouldn't see it. So that [patch last week] may have been the real line," contended Silver.

"Six months from now, an XP vulnerability may get the same [media] coverage," said Pescatore. "But then Microsoft has a much stronger story. They might say, 'XP's dropped in half since April, so we're sticking to the plan.'"

Computerworld's current projection -- based on a 12-month average of Net Applications' data -- is that XP will still account for 19% of all personal computer operating systems at the end of the year.

"This was the right thing to do," argued Silver. "Microsoft's move was defensible." But what about next time? Will there even be a next time? "Caveat emptor," said Silver, illustrating the new uncertainty about the company's support policy.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftoperating systemssoftwareWindows



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments