With one month left until Windows XP retires, Microsoft is facing scrutiny regarding the security risk it's exposing by leaving millions of computers vulnerable to attack. When Microsoft officially retires the 13 year old system, its users will no longer receive fixes, security updates, and patches. Moreover, support will no longer be available.
Windows XP is still largely used by businesses, and many of them are unprepared to deal with the transition to a new operating system. It's believed that close to 95% of ATM's use Windows XP. Without any legislation requiring them to keep a current operating system, it may be years before new systems are developed and upgrades are pushed out for all computers that handle financial data.
The PCI Security Standards Council includes a warning on their website: "make sure your PC and systems are not putting your customers' confidential payment card data and your business at risk."
According to Net Market Share, close to 30% of people still use Windows XP on their Desktop computers. Even with a good antivirus, users will be vulnerable to zero-day exploits, or security loopholes that Microsoft doesn’t know about.
Cleaning your system and installing a good antivirus isn’t enough. Malware authors are surely “bug banking” – hanging on to zero-day exploits until after retirement, when they know a patch won’t be released to fix it. For attackers who don’t have an exploit already, all they need to do is wait for security updates on supported systems to be released. According to Tim Rains of Microsoft’s Trustworthy Computing Group, “attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP,” and then develop their own exploits.
Despite several campaigns warning of the end-of-support era for XP, there hasn’t been much acceleration in the number of users transitioning to modern systems. The unpopularity of Windows Vista and Windows 8 may be to blame for the relatively low number of users switching to newer systems. Windows 7 does have the largest desktop user base, but new systems are shipping with Windows 8 and users who want Windows 7 need to install it themselves or purchase a used or refurbished system.
Microsoft has no plans to extend the deadline, and argue that they have already supported it longer than the traditional 10 year deadline. Microsoft plans to ship the last public patches for Windows XP on April 8.