Microsoft: Windows XP will have a zero day vulnerability forever, support ends April 2014

News

Reading time icon 2 min. read

Calendar icon Published on

by Radu Tyrsina 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Windows XP Bliss

For those that didn’t know, support for Windows XP ends April 8th of 2014. This means on that day, Microsoft will no longer release security patches for the operating system. Microsoft is warning those who are still on Windows XP that there will be a zero day vulnerability forever, since no new security updates will be released and hackers will look to take advantage of that.

“But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a ‘zero day’ vulnerability forever,” Microsoft stated in an official blog post.

Hackers aren’t dumb. When Microsoft rolls out a security update for specific operating systems, these hackers or “security researchers” or even criminals (however you want to call them), will attempt to reverse engineer the security update to find the piece of code that contains the vulnerability that is addressed in the update. Once this is identified, hackers will develop and exploit that code on operating systems that do not have the security update. In this case, Windows XP will be vulnerable since it will no longer receive any security updates. Thus making Windows XP vulnerable forever.

“One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders,” Microsoft explains. Hackers have evolved over the years and have overcome one of the biggest security mitigation features, Data Execution Prevention (DEP), in Windows XP.

Are you still running Windows XP in your workplace?

Radu Tyrsina

Radu Tyrsina Shield

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.