“But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.”
Because a security update will never become available for XP after April 8, “Windows XP will essentially have a ‘zero day’ vulnerability forever,” Rains said.
How likely is this scenario, realistically? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8, Rains said.
Windows XP still had more than 37 percent desktop OS share as of June 2013, according to NetMarketshare.com. Despite that fact, Microsoft officials have said they have no plans to extend yet again the cut-off date for support for XP.