Although some had hoped that Microsoft would violate its own patching policy, the company yesterday stuck to its guns and declined to provide a fix for a critical bug to users running Windows XP Service Pack 2 (SP2).

On Monday, Microsoft shipped an emergency patch for the Windows shortcut bug that attackers have been exploiting for several weeks. The vulnerability affects all versions from Windows 2000 on, including XP, Vista and Windows 7.

But, per Microsoft's practice, the oldest operating systems and service packs were denied the update.

"To be crystal clear, there is no security update for XP SP2," said Microsoft spokesman Christopher Budd in a Webcast on the out-of-band patch that he hosted Monday afternoon.

More: http://www.computerworld.com/s/article/9180107/