The short version of this is that an unknown vulnerability (what’s known as a Zero Day Exploit) existed in multiple versions of Windows and was exposed in the NSA hack. As soon as Microsoft found out, they patched all of the versions of Windows that were currently under support, but not XP. XP ended “Extended Support” in 2014 (12 years after it was introduced), which stopped all updates (including security updates) for everyone except a few large actors (the US Government among others) who couldn’t update their systems (or wouldn’t). Microsoft even put a pop-up in the last update to XP, which appeared on the 8th of each month (although the user could disable this), telling users they should upgrade to a newer operating system.
The New York Times has an Op Ed from an Assistant Professor at UNC on this. It demonstrates quite a bit of absolute ignorance of how the world works. She says a number of foolish things in this article (it’s worth reading), among them that MS should be supporting XP for free instead of charging people who would like the privilege of running a 16-year-old operating system. At what point should this stop? Should MS be forced to upgrade Win95 for free still (or at all)? I still have multiple systems that run 95/98/XP, because I am required to work with equipment that uses these operating systems. For the most part, this equipment is airgapped at my customers (it is certainly my strong recommendation to do so), and if it is connected to the internet, well, they pretty much get what they asked for.
The author also puts forward some of the standard FUD about Win10 being spyware, and complains (with some reason) about constantly changing interfaces in upgrades. So Microsoft gets (rightly in my view) blamed for the Win10 upgrade fiasco, yet at the same time is to blame because people didn’t upgrade their systems, or had legacy software/hardware attached to the internet with a broad attack surface available.
The professor then advocates a more governmental regulatory system for operating systems (to keep us safe). If you thought Win10 was insecure now, wait until the USG gets through with it.
It really is one of the more foolish op-eds that has come out of the Times in recent history, and demonstrates a propensity for governmental regulation that is astounding to me. The end user has some responsibilities, and if the UK system can’t afford to properly run their IT departments, that’s on the UK government, not MS.