Windows XP was supposed to have received its final patch last month. However, Microsoft has unexpectedly issued one final update, with a new patch to fix an Internet Explorer vulnerability extended to XP as well as more recent Windows releases.
Microsoft announced the decision in a blog post this morning. Trusted computing GM Adrienne Hall explained the apparent reversal:
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don't take these reports seriously. We absolutely do.
It seems unlikely that we'll see any more official updates, and it has to be said: anyone still running Windows XP is missing out. Operating systems have changed a lot since 2001.
Updating Internet Explorer and Driving Security [The Official Microsoft Blog]