While only two of the three holes affect XP and 2000 (and go to show just how much Swiss cheese Vista really is), Microsoft has stated that they can't be fucked to plug the holes.
In a webcast released September 9th, which is probably edited to include 10% more lies, Microsoft insecurity program manager Adrian Stone and his fellow ass pirate and program manager Jerry Bryant stated that the code that they blatantly ripped off from BSD is around 15 years old, and that they were too lazy to bother fixing the code, thus users of Windows XP and 2000 were shit out of luck. (Webcast transcript here)
Microsoft's pitifully lame excuse as to why they weren't patching Windows XP was this: "By default, Windows XP SP2, Windows XP SP3 and Windows XP Professional x64 Edition SP2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability," the bastards said. "Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network."
To make matters worse, Microsoft even tried to downplay the impact of their Swiss cheese security. Their claim is that the attack would just cause a machine to stop responding because the network stack would suck RAM like there's no tomorrow, and that the attack would require that someone send specially crafted TCP packets (probably with a payload of Viagra spam) in a sustained mass flood, much akin to the flood of shit that spews from Steve Ballmer's mouth every time it opens, and that the machine would return to normal once the attack stopped.
Ironically, Microsoft tried to pull the same shit back in 2003 with regard to Windows NT 4.0. They argued that they fucked up the code for Windows 2000 and later too badly for any fix to be backported to Windows NT 4.0.