Wow I'm kind of surprised Microsoft folded to this. Maybe they'll continue to patch dangerous exploits for some time? At any rate maybe the patches going to the UK government and other entities that are paying for the patches might be leaked for all to use
Because the patch is for IE and is likely a fix that works for all versions of IE that were affected I would guess that it was trivial for Microsoft to issue the patch to XP systems. Once they resolved it for newer versions they may have realized the same fix can be applied to the XP systems and pushed it out to them as well. If that's the case then it may not have been a whole lot more work to include XP and it's great for PR given how quickly this major bug was found right after XP support had ended.
i think MS caved and pushed this to XP users because not only are there several major entities privately paying MS to support XP, but such a significant user base still uses the OS with no plans to move away it would be irresponsible of them to NOT patch that last 20% of the world's windows users and could generate an irreparable rift of dangerous zombie soldiers for which any hacker for the foreseeable future could, in theory, mobilize to bring down hardened targets on the net.
No doubt, patching this for XP was the "right" thing to do. As much as I am sure that MS wants people to buy licenses for their newer OS'es, they made a smart move by fixing a major hole for a platform that they said they were finished with. As Withoutweakness said, it probably wasn't all that much work anyway since making a patch to IE in one OS is probably not too much different than doing it for another, older relative OS.
They shoul've extended Windows XP support at least until they get Windows 8.1 Update 2 out the door. After all, the whole hold-up is the lack of Start Button. Adding a half-assed version of the Start Button with Windows 8.1 doesn't cut the mustard with most people, particularly when all it does is attempt to promote the Metro screen.
fixing internet explore 1-12 isn't an XP patch it's a fix for IE for EVERY SYSTEM...other wise IE would never have market share considering Chrome and Firefox don't have the problem and would be patched anyways if they did. best way to lose market share on one of your spyware apps is to keep supporting it no matter what. microsoft learned this after the 98 IE 6 debacle when Chrome and Firefox easily filled their shoes in .02 seconds.
Except that numerous security experts have said that Internet Explorer 9-11 are no more insecure than Firefox in the real world.
The fact is that Internet Explorer has NO more vuln's to it than Firefox does, the issue is that IE is to integrated into XP and Vista that it can do a lot of bad things if it does get infected.
At the price structure they've put on Win8.1 it became too hard to resist for me and I left XP.
The important thing to remember is that all browsers were exposed to a threat from a flash-relate security loophole. The problem is that older Flash modules (Adobe) left a memory hole that could be exploited. If you search the web you'll find stories about Mozilla Firefox users getting hit with a similar flash-related bug from a Syrian website recently. Chrome also quickly issued a fix for the Flash-related bugs in the last few days. Presumably Mozilla did or will do the same in their upgrades. In a recent test by independent NSS labs they found that Internet Explorer ver11 caught over 99.9% of the viruses trying to enter your system when you click on something in a bad email. Firefox caught 4.2%. Google which is still based on some Firefox licenses caught 70.7 %. Opera was at 28% So the important thing is transparency and response. Who's warning you when they find a problem? Whose got a fix?