When is software really dead? That’s a great question because Microsoft will tell you that this occurs when the company states that a product has reached the end of its support lifecycle. But, for Windows XP, that does not appear to be the case as Microsoft is releasing a second patch for the discontinued OS today.
After the WannaCrypt ransomware made its way around the web and likely made its creators quite a bit of money, Microsoft took the unprecedented action and patched Windows XP to stop this exploit from continuing to spread. Today, the company is releasing another patch for the outdated operating system to put a stop to what Microsoft refers to as nation-state cyber attacks.
The patches going out today will be released for all supported versions of Windows closes a significant hole in the operating system being exploited by governments and other perpetrators. What’s more interesting is that this is the second ‘nation-state’ type vulnerability that Microsoft has patched, that we know of, this year, and further raises the question about how closely the company is working with governments around the globe to share exploits in the operating system.
This move is questionable on multiple levels. First, if Microsoft says that Windows 7 truly reaches end of life in 2020, is it really going to cut off support or will they release critical patches like they have done twice with Windows XP? Second, for those customers who are paying exuberant fees for continued Windows XP support, how does Microsoft explain to them that those not paying are still being supported with patches if a vulnerability is uncovered?
Microsoft has done more than enough to support Windows XP including extending its lifecycle support after companies were slow to move to Windows 7. By occasionally continuing to patch the OS, the messaging that the XP is no longer supported becomes questionable especially as companies begin to draw parallels to support for Windows 7.