OSNews

Actually, Microsoft confirmed that ALL versions of Windows and ALL versions of Internet Explorer are vulnerable; not simply WinXP+IE6.
Please get your facts right.



Management is more to blame on this, or rather mis-management.

If management bought something to run internally, then they would need to buy a new version of the software, probably with money they don't have as it needs to go elsewhere (e.g. your salary).

Alternatively, management contracted out, and the contract may stipulate a certain version of software be used (e.g. Windows XP, IE6); in which case, the contractor may have their hands tied with respect to upgrading the software until the contract renews - and then, only if the management agrees.

This then comes back to bite management and the contractor - management may have more than one contract with said software stipulated, but not have them all renew at the same time; so they will be reluctant to change the contract.

Likewise a contractor may have a contract with one client with said software stipulated, and may have not have the resources to maintain the software both for that one client and update it for everyone else. (It may be their primary client has the stipulation.)

All said, there are numerous reasons - all of which are legitimate - as to why software may not get upgraded. The problem is breaking the cycle so that the upgrades can happen; or getting management to spend the money (or both).

In a beaurocratic company (basically any company with >10000 employees, and many with less as well) it's a hard thing to get software upgrades. (Many are still migrating or just finishing the migration from Win2k to WinXP!)