The recent Internet Explorer remote code vulnerability has been fixed for all affected versions of IE, on every affected platform. Internet Explorer 6, 7, and 8 on Windows XP, both 32 and 64-bit versions of the OS, have received the update, despite being unsupported (EOL). The fixes are available on Windows Update.
According to Microsoft's official statement, these updates were pushed to Windows XP because it is close enough to April 8th, XP's EOL date, that it made sense to. Another possible reason is that, since IE6 (and later) are still supported on Windows Server 2003, the update is not entirely tied to Windows XP. It is not like the update was made exclusively for paid "Custom Support" users, IE 6, 7, and 8 are still supported products somewhere.
In any case, Microsoft is still clear with XP users that they are on borrowed time. They encourage users of Windows XP to migrate to Windows 7 or 8.1, and install IE 11 while they are at it. This will not be the bug to bite you, though.