
Microsoft refuses to patch old XP flaw

16 September 2009


Backporting not possible


Microsoft has refused to patch Windows XP for a pair of bugs it fixed last week in Vista, Windows Server 2003 and Windows Server 2008.

A spokesman said that XP was 12 to 15 years old and some bugs cannot be fixed. This is the second time Microsoft has refused to fix a bug in one of its older operating systems. Windows 2000 will be forever holey from now on because Microsoft felt that creating a fix was "infeasible." The bugs in question are in Windows' implementation of TCP/IP, the Web's default suite of connection protocols. All three of the vulnerabilities highlighted in the MS09-048 update were patched in Vista and Server 2008. Only two of the trio affect Windows Server 2000 and Windows XP.

Microsoft said that by default, Windows XP SP2, Windows XP SP3 and Windows XP Professional x64 Edition SP2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability.

"Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network," Microsoft said.

Microsoft downplayed the impact of the flaw. "A system would become unresponsive due to memory consumption. A successful attack requires a sustained flood of specially crafted TCP packets, and the system will recover once the flood ceases," it said.
Last modified on 16 September 2009