Death of XP getting closer

August 26th, 2013 by Stephen Jones Leave a reply »

Microsoft is getting increasingly louder about the end-of-support for XP. Earlier this summer, Microsoft This week, Microsoft echoed that warning, adding a new twist, via an August 15 post on the Microsoft Security Blog.

After April 8, 2014, users running Windows XP Service Pack (SP) 3 — the last service pack delivered for the 11-year-old operating system — won’t get any more updates. That includes both security and “non-security” hot fixes, free or paid support options and online technical content updates.

Some customers won’t migrate off XP until the hardware it is on fails, but Tim Rains, Microsoft’s Director of Trustworthy Computing cautions about ignoring the April 8 XP support cut-off date. The mitigations Microsoft developed for XP SP3 were “state of the art” when they were published years ago, but are no longer enough to block the kinds of attacks Microsoft is currently seeing, After April 8, “attackers will likely have more information about vulnerabilities in Windows XP than defenders…. Organizations that continue to run Windows XP won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, then attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.”

“Windows XP will essentially have a ‘zero day’ vulnerability forever,” Rains said.

Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8. Windows XP still had more than 37 percent desktop OS share as of June 2013, according to Despite that fact, Microsoft officials have said they have no plans to extend yet again the cut-off date for support for XP.

Be warned!


Leave a Reply

You must be logged in to post a comment.