
Has Microsoft set a dangerous precedent on the Windows XP security front?

It's now a month since support for Windows XP came to an end, and we've already had our first exciting little post-XP incident. When a security flaw was discovered in Internet Explorer, an out-of-band patch was released for XP users despite Microsoft's previous claims that no more such updates would be issued. A month on seems like a good time to assess the lay of the land for the operating system, and that's precisely what security firm Secunia has done.

Looking at the install base for Windows XP, Secunia found that over in the States there has been a very steady decline in usage from the beginning of the year. According to Secunia's numbers, XP could be found on 22 per cent of US PCs between January and December of 2013, but this dropped to 18 per cent in the period January to February this year. It is possible that this marked drop could be attributed to people finally coming to terms with the idea that XP was no longer being supported and deciding to move on. But things start to slide further as we move into April.

One week after XP's end-of-life, usage dropped to 17 per cent, and just one week later it dropped a further percentage point to 16 per cent. Four weeks after the end of support for XP, the operating system was to be found on just 15 per cent of US computers. This coming "Patch Tuesday" will be the first since the recent Internet Explorer patch was released, and Secunia is warning that as time goes by, Windows XP users will "be a 'free-for-all' to hackers".

Kasper Lindgaard, Secunia's Director of Research and Security, commented: "Come Tuesday, Microsoft will be patching some vulnerabilities in Windows, and it is realistic to assume that at least one of these will also affect Windows XP". And this is where the concern lies. "We can expect to see exploits in the wild for vulnerabilities in XP because it is End-of-Life, private users will not receive patches from Microsoft". It is not as though this notion has come out of the blue, but the severity of the Internet Explorer problem means that XP users and security experts are looking at the situation with renewed interest.

"We will see a rise in attacks," warns Lindgaard. "Future patches to the other Windows operating systems will be reverse engineered by hackers, seeking to discover which vulnerabilities were fixed by Microsoft, and subsequently – if applicable – modified to work against Windows XP". It's not clear whether Microsoft will back down from its "no more support" stance again, but with the Internet Explorer issue, the company has set a precedent – and possibly made a rod for its own back.
