Microsoft this week faced the strongest test of its resolve to leave Windows XP unpatched. A serious flaw that has lain undiscovered in every version of Windows since 95 was fixed in all supported versions of Windows, but not Windows XP, which stubbornly remains the world’s second most used desktop operating system.

This is no ordinary bug, no trivial flaw. Rated as Critical by Microsoft itself, and scoring 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS), the hole is about as serious as they come. If exploited, the flaw could allow attackers to take control of the user’s machine, potentially turning the PC into part of a massive botnet, for instance. The flaw hasn’t been exploited yet, but the IBM researcher who discovered it said it was “only a matter of time”.

Given that Microsoft will likely already have patched the bug for those enterprises paying for extended support for Windows XP, would it not make sense to nip the threat in the bud and release an update for all Windows XP PCs? Microsoft doesn’t think so. “Microsoft no longer provides security updates for this operating system,” came the stiff-upper-lip reply from Microsoft’s press office, when I asked whether it intended to patch the flaw in Windows XP. “Our advice to customers is to migrate to a modern OS, like Windows 7 or Windows 8.1.”

Reblogged from PC Pro

Please read here for the full article