Windows XP’s Time Has Come…and Gone

Photo credit: Ken Wolter/

In the tech world, 12 years is an eternity. Relentless innovation typically drives frequent upgrade cycles, as products become faster and more capable. And yet, 12 years after its launch, Windows XP lives on, continuing to power millions of PCs and systems.

Our customers’ affinity for Windows XP is understandable. Many have relied on it happily for years. Windows XP has been an integral part of the information technology infrastructure for many, many businesses and organizations around the world.

Nevertheless, constant changes in the tech world – notably in the area of security – have made it increasingly difficult for older technology to keep pace. In accordance with our longstanding support lifecycle policy, Microsoft will discontinue formal support for Windows XP as of April 8, 2014.

This means Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.

Without support, computers running Windows XP will become more vulnerable to new security threats. Over time, attackers will evolve their malicious software and websites to target newly discovered Windows XP vulnerabilities. We have communicated the risks of running an antiquated operating system and advised customers to upgrade to a modern one.

Upgrading will bring customers a range of benefits, including many dramatic improvements in security that have been introduced since Windows XP was launched in late 2001. As criminals have developed more sophisticated tools, Microsoft and others in the industry have raised the bar by evolving security development practices, as well as security features including firewalls, anti-virus programs, and web browser protections.

These efforts have made an impact. Many of the threats catalogued in the Microsoft Security Intelligence Report are successfully blocked by Microsoft anti-virus software and security features and mitigations built into modern Windows operating systems, Internet Explorer, Bing, and other products and services.

For customers that have not yet completed their migration, the list below describes some of the risks of running Windows XP after support ends, along with guidance to help temporarily protect against cyber-attacks before moving to a modern operating system:

RISK #1 – SURFING THE INTERNET: Malware attacks will target unpatched vulnerabilities in Windows XP-based systems. Prominent examples include ransomware, used to extort money for the release of stolen files, and worms, which spread by finding ways around firewalls or guessing weak passwords.

Guidance: Limit or avoid connections to the Internet using Windows XP. Increase the frequency of backing up data stored on Windows XP systems. Review any exceptions allowed through firewalls, keeping only the most essential. Use strong passwords on all systems.

Note: Changing browsers won’t mitigate this risk – most exploits aren’t related to vulnerabilities in browsers.

RISK #2 – USING EMAIL AND INSTANT MESSAGING (IM): Crooks may send more emails or IMs with links to malicious websites or malicious attachments that enable phishing and drive-by attacks on Windows XP systems.

Guidance: Avoid using Windows XP to access email and IM, and avoid clicking on links or opening attachments.

Note: Phishing attacks are typically embedded in the content of the message, so switching email or IM programs likely won’t help.

RISK #3 – USING REMOVABLE DRIVES: Attackers may use infected USB drives and other removable devices to distribute malware that targets newly found vulnerabilities in Windows XP.

Guidance: Avoid connecting removable storage devices to Windows XP systems. More information is available in this article: Defending Against Autorun Attacks.


Although these suggestions may help manage some of the risks in the short term, the best option by far is to upgrade to a modern operating system like Windows 7 or Windows 8, which have over a decade of evolved security mitigations built in. For older devices, built for Windows XP, we recommend purchasing modern hardware, which is much faster and more capable, and comes with improved security features.

The website can help determine which operating system a computer is running and provide guidance on upgrading. Additional information on the end of support can be found on the Windows website.

Windows XP has had a remarkable run, but a computer with an obsolete operating system will not be able to protect itself from modern-day criminals. The security and performance advantages of a modern operating system are clear. It’s time to upgrade from Windows XP.

Tim Rains is a director in Microsoft’s Trustworthy Computing group responsible for managing marketing and communications that span Microsoft’s boxed and cloud products as they relate to security, privacy and reliability. His team manages marketing and communications for the Microsoft Security Response Center (MSRC), the Microsoft Malware Protection Center (MMPC), and the Microsoft Security Engineering Center (MSEC), which includes the Security Development Lifecycle (SDL) and Security Science.

Rains earned a master’s degree in business administration (MBA) at Seattle University and a bachelor of arts (BA) degree at the University of Alberta. He also holds several technical certifications, including CISSP, MCSE, and MCSA, and has a Computer Systems Technology diploma from the Northern Alberta Institute of Technology. 
