Microsoft has been pushing hard to get the many users of PCs that still have Windows XP installed to upgrade to a more modern version of the OS before April 8th, 2014. After that, Microsoft will no longer issue updates of any kind, including security patches, for Windows XP. Despite this looming date, the OS is still being used by over 37 percent of all PCs worldwide, according to Net Applications.
In a new post on the Microsoft Security blog, Tim Rains, the director of its Trustworthy Computing division, says that while he has heard of many businesses that will be upgrading their PCs from Windows XP to Windows 7 or 8, he has also heard from others that they don't plan on upgrading before the support cutoff date. He added, "I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails."
Rains points out that when Microsoft releases security bulletins every second Tuesday of the month, it releases them for all versions of Windows that are currently supported. However, some hackers then try to reverse engineer those patches to find the vulnerabilities that the bulletins were designed to fix and then create exploits that affect software that doesn't have those updates.
Rains states that after April 8, 2014, Windows XP won't get the security bulletins that will be included for Vista, 7, 8 and 8.1 users. He adds:
The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.
The malware infection rate on Windows XP is already much higher than on more recent versions of Windows, as seen in the Microsoft-created chart above. In addition, Microsoft has released an infographic, shown below, that attempts to explain that the entire PC industry has changed since the launch of Windows XP in 2001, including the types of security threats that have to be dealt with.
Source: Microsoft | Images via Microsoft