Microsoft Patch Tuesday: Retire Comfortably, Windows XP


Microsoft officially ended support for Windows XP, issuing its last security update for the venerable operating system and its Office 2003 suite and sunsetting the software in perpetuity.

In its April 2014 Patch Tuesday round of security updates, Microsoft released two critical bulletins and two rated important, impacting Microsoft Word, Internet Explorer and all versions of its operating system. In all, Microsoft repaired 11 vulnerabilities impacting its software. 

The software giant has been passionately urging businesses and consumers to migrate to its more modern operating system versions, which support some deeply rooted security features. Operating system attacks have been in decline, partly because of the level of sophistication required to pull them off, said Wolfgang Kandek, chief technology officer of Qualys. In a recent interview, Kandek said he has tracked a steady decline of Windows XP systems as companies start to heed Microsoft's message. In 2013, more than 70 percent of Microsoft's security patches affected Windows XP, Kandek said, urging users to migrate. 

"There's no reason to believe that Windows XP systems won't continue to be a target," Kandek said. "There is a wide enough install base out there for cybercriminals to monetize an attack."


Windows XP has had a good, long run, said John Noble, vice president of technology at Phoenix-based solution provider Avisolve. Some businesses have been reluctant to migrate away from Windows XP, but there's been more than enough time to say goodbye and move on, Noble said.

"I find it surprising how many medium and small enterprises do not seem to be concerned about it, but once there's an outage or a system gets infected, it is amazing how fast budget frees up," Noble said.

Extended Support of Windows XP is available to organizations that can afford the premium service. Microsoft struck a multimillion-euro deal with the Dutch national government to provide security updates on a regular basis. It has made similar custom support agreements with authorities in England and Australia, and some private-sector firms have made arrangements to continue to receive security updates.

ATMs that are running a scaled-down, embedded version of Windows XP have until 2016 before support is officially ended.

While attackers have found ways to bypass newer security components, security experts agree that attackers have long migrated to targeting applications and browser components. Many of those components are still running on Microsoft platforms, and the company made it a point to warn businesses and consumers last October that the infection rate on Windows XP systems is significantly higher than on its newer Windows 7 and 8 platforms.
