Microsoft caused a few surprise last week with the announcement of one last update for Windows XP, in order to fix a major security flaw in its Internet Explorer browser. This comes after support for XP officially ceased last April.

The company explained its decision in a blog post, saying it was providing the update to XP users due to “the proximity to the end of support for Windows XP”. It’s certainly welcome news for those enterprises that have yet to rid themselves of Microsoft’s aging OS, giving them a bit of breathing space before further security problems inevitably arise. It’s also possible that Microsoft had planned this all along, if only to remind companies of just how important its security updates really are.

Even so, the decision has probably caused a lot of confusion too. Some ITs who’ve been pushing their bosses to upgrade to a new OS might look a bit stupid now, while it also gives false hope to those who haven’t upgraded that Microsoft will step in to save the day when they really need it.

The main reason Microsoft chose to give XP users one last update is, besides the serious nature of the IE flaw, 26 percent of all the world’s PCs still run on the OS, according to NetMarketShare. That’s an awful lot of customers that Microsoft no doubt, feels some degree of responsibility for, even if they’ve been warned time and time again.

Something similar actually happened in early 2005. Back then, support for Windows NT 4 had ended in December 31, 2004, and it was a server operating system of great importance at the time. So when CAN-2005-0050 came out, “MS05-010 — Vulnerability in the License Logging Service Could Allow Code Execution (885834),” Microsoft released an NT4 update even though it had said it wouldn’t and, just as with XP, they had been warning users for years.

Even so, the update was not put on Windows Update and instead had to be downloaded from the Microsoft Download Center and manually installed. It gave the following explanation for its decision:

“Windows NT Server 4.0 Service Pack 6a and Windows NT Server 4.0 Terminal Server Edition Service Pack 6 reached the end of their life cycles on December 31, 2004. On this rare occasion, we believe that this vulnerability presents a serious risk to a broad number of customers. We have previously communicated that we reserve the right to produce updates in these situations. We determined that the best course of action to help protect customers was to release this security update. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin. However, since Windows NT Server 4.0 is no longer in support, this security update will only be available on the Microsoft Download Center and will not be available through Windows Update.”

“We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but as mentioned previously, we reserve the right to produce updates and to make these updates available when necessary. It should be a priority for customers who have this operating system version to migrate to supported operating system versions to prevent potential exposure to vulnerabilities.”

It’s inevitable that more serious vulnerabilities are going to emerge, and when these do it’s possible that Microsoft might step into the breach once again, but don’t count on it. However, now that it’s done so once, there will be calls for it to do so again, particularly as it’s still going to fix the most serious security issues anyway – Microsoft is, after all, providing support for select governments and organizations under its costly extended support program.

Of course, Microsoft is quite within its rights to end support right now. Windows XP is more than 12 years old, and its since released Vista, Windows 7 and Windows 8 in that time, giving firms plenty of upgrade options. More than a decade of support is already pretty generous, even when it comes to enterprise software. Nevertheless, Windows XP is still widely used and likely to be dogged by many more security issues down the line, so it’ll be interesting to see whether or not this really is the end of the road.

photo credit: Alfred Hermida via photopin cc