To the surprise of security experts, Microsoft refused to patch the recently discovered TCP/IP vulnerability in Windows XP and Windows 2000. One of Microsoft's leading security program managers, Adrian Stone, said that this part of the source code is too old, 12 to 15 years, and that understanding the code at this level "is simply unrealistic" [backporting that it’s not feasible]. He said this live on a monthly security webcast (transcript) while answering questions from the audience.
Two bugs in the TCP/IP stack were detected on September 8th. The vulnerability also affects Windows Vista, Windows Server 2003 and Windows Server 2008. Update MS09-048 was released for the three systems mentioned, but no patch should be expected for Windows 2000 and Windows XP. To protect against malicious TCP/IP packets, Windows XP users are advised to use the built-in firewall.
It should be recalled that Windows XP is the most popular OS in the world today. Under the terms of the user agreement, Microsoft is obliged to release security updates for Windows XP until April 2014, Computerworld writes.
Declining to patch a vulnerability in a system that is still under support is quite rare. According to Stone, the last time Microsoft took this step was in March 2003 with Windows NT 4.0.