We’ve mentioned a few times about the end of support for Microsoft’s Windows XP operating system. Once a year before the date the OS (and Office 2003) is set to lose support and in several other articles where Microsoft expresses its hope that people will rush to adopt Windows 8 as time ticks away for ye olde OS. Microsoft has decided to remind us again and senior executive Tim Rains, Director of Trustworthy Computing, was enlisted to write a blog post about the risk awaiting those remaining running Windows XP systems after 8th April 2014.
The main problem with people who stick with XP is, according to Rains, that the attackers will then have the upper hand as they “will likely have more information about vulnerabilities in Windows XP than defenders”. Apparently when any version of some software is updated to fix a vulnerability some people will test to see if the vulnerability exists in other versions of the software which are not yet patched. Software security updates are thus released by Microsoft simultaneously across all affected products. This service will end for Windows XP and Office 2003 next April.
“The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a ‘zero day’ vulnerability forever,” wrote Rains. He goes on to explain that Windows XP, Vista and Windows 7 have historically been affected by a many overlapping Microsoft security bulletins.
Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012
as reported in the Microsoft Security Intelligence Report volume 14.
Despite this, Rains says that many Microsoft customers won’t manage to make the transition from Windows XP in time and some others said they won’t upgrade Windows XP until the hardware it is running on fails. Also Rains points out that even now, while XP still receives security updates and hotfixes, it still suffers from a “significantly higher” malware infection rate than more modern OSes such as Windows 7 and 8. Windows XP’s support for Internet Explorer versions only up to v8 doesn’t help matters either.