Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Says No TCP/IP Patches For XP

Posted by timothy on from the to-improve-your-customer-experience dept.

CWmike writes "Microsoft says it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008. The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4. 'We're talking about code that is 12 to 15 years old in its origin, so backporting that level of code is essentially not feasible,' said security program manager Adrian Stone during Microsoft's monthly post-patch Webcast, referring to Windows 2000 and XP. 'An update for Windows XP will not be made available,' Stone and fellow program manager Jerry Bryant said during the Q&A portion of the Webcast (transcript here). Last Tuesday, Microsoft said that it wouldn't be patching Windows 2000 because creating a fix was 'infeasible.'"

6 of 759 comments (clear)

  1. Yeah, right by DoofusOfDeath · · Score: 5, Interesting

    "Microsoft says it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista

    The U.S. Navy's and Marine Corp's NMCI computing infrastructure is all Windows XP. Let's see whether or not Microsoft withholds a patch from them.

    1. Re:Yeah, right by Cryophallion · · Score: 5, Interesting

      I just had to post an invoice to the marine corp's web site. I luckily had one computer at work that was not upgraded to ie8. It would only respect ie6 or 7, and had some issues if I just changed the user agent on FF.

      If people keep being forced to upgrade their browsers, no one will be able to use the government systems anymore.

      I'm sure it will be an issue for the little companies billing, but you'll never hear about it.

    2. Re:Yeah, right by KnownIssues · · Score: 5, Interesting

      XP SP2 and later are fine by default. What does that mean? Does that mean it's the only possible configuration? Or is it reasonable that an XP SP2 computer could end up in a state where it does have a listening service configured in the client firewall? Doesn't Vista include "a stateful host firewall that provide protection for computers against incoming traffic from the Internet [...]"? I should think so, so wouldn't that invalidate their reasoning?

      I wouldn't be surprised if Microsoft is perfectly correct in not patching XP. The problem is how they communicate it. If they're patching Vista (a client OS) and they're patching Server 2003 (similar codebase to XP), then this makes it seem like they don't want to bother fixing XP, even though it's broken. If Microsoft had said, "the XP codebase is in no way vulnerable", I'd be completely satisfied. But they didn't. They said, "XP is broken, but by default it's protected".

      That's not good enough.

  2. That's why I like open source by jgardia · · Score: 5, Interesting

    well, that's one of the positive aspects of the open source code. If the main developer doesn't want to fix something, then someone else can do it.

  3. Question by bjackson1 · · Score: 5, Interesting

    Isn't the codebase for XP and Windows 2003 essentially the same? Why can't the 2003 patch be modified? I don't remember reading that the TCP/IP stack was that different in 2003.

  4. XP Still uspported on netbooks. by Chrisq · · Score: 5, Interesting

    Since XP is still being shipped and supported on netbooks this seems a little strange. What's the message - spend extra on memory and hard drive so that you can run XP instead of Linux but we won't give you security patches?