I missed that too and I read the entire article. NVDAVE is saying it was windows XP but I must have missed that as well
I didn’t say that this particular attack was on WinXP. I said that there are known keystroke loggers on Windows XP which Microsoft has yet to respond to. They have on other more recent variants of Windows, but not XP.
In this type of attack (cross-platform, cross-site scripting), a keystroke logger is the easy way to gain access to the server. Just log the keystrokes for the user’s server password on the Windows client platform, then use that with a trojan attack. Done deal.