For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP.
To be clear, the deadline for ending support is still April 8, 2014, after which Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.
But, considering that Windows XP still commanded 29% of the Windows market as of December 2013 (behind Windows 7 (48%) but far ahead of Windows 8 (11%) and Windows Vista (4%), the software giant is doing what it can to ward off a security apocalypse brought on by suddenly creating millions of unprotected systems sitting in corporate networks and consumer homes.
The security backtracking, however, shouldn't be seen as a reason to delay migration. “Our research shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited,” Microsoft cautioned in a blog. “Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape.”
The stakes are high: the disowning of XP by Microsoft essentially means that any zero-day exploit released into the wild will run rampant on vulnerable systems with no security fix in sight.
The reality is that the threat will be very, very real when April 9 rolls around. “In an ideal world, everyone would move to a newer operating system environment, but for many it takes time due to a reliance on legacy applications, interoperability with existing systems and many other reasons. This makes such unsupported operating systems a security target,” said Simon Townsend, chief technologist for Europe at AppSense, in a comment to Infosecurity.
But he’s looking at the sunsetting of Windows XP as a teachable moment. "IT departments are starting to realize that end point security protection and anti-malware solutions are only one form of protection against vulnerabilities and with targeted attacks on the increase, organizations need to have systems in place to protect against the unknown as well as the known,” he added.