They have done upgrades past IE6, even for XP. These are installed automatically if you have automatic updates turned on. The problem is people who turn off automatic updates, or enterprise organizations who use Group Policy to block browser updates.

Yes, but pirated versions are the problem. If they cared more about security than piracy, they would have disabled WGA and let the new updates install (without WGA approval, only serious vulnerability patches are installed, not whole new software).

WGA is really easy to bypass, that isn't an issue. And you can bet that 90% pirates won't use IE6, they're somewhat tech savvy.

you're thinking of the wrong sort of pirates. The pirated copies of XP that are running IE6 are computers that are sold on the street in china. the people operating them have no idea that their OS isn't legit (nor do they care) and whoever sold them the computer turned off automatic updates so the end user wouldn't get the message that they were running a non-genuine copy of windows.

Those end users aren't people who matter to many Western businesses though.

When persuading a client to drop explicit IE6 support they said "but x00000 hits are using IE6", we looked into the stats and the vast majority of the IE6 traffic was coming from China and not buying anything.