InsightaaS: Naked Security is a news/blog site hosted by security vendor Sophos. In this post, Paul Ducklin examines the messaging surrounding XP’s last 31 days. The post includes screenshots and descriptions of pop-ups that XP users will be seeing over the next month, and discusses related issues like the potential for long-term XP exploits (with a lesson learned from Apple’s recent OS X kerfuffle) and what to do moving forward if you’re “stuck with XP.”
There are 31 days in March.
So, counting from when this article was written, that gives almost exactly one month left until Windows XP gets its Goodbye, Farewell and Amen moment.
XP users will get security updates on Tuesday, 11 March 2014, as they have for just over ten years.
They’ll get scheduled security updates again on 08 April 2014.
And then that’s it.
No more updates, neither scheduled nor emergency, no support, no nothing.
From then on, as we’ve pointed out many times, if someone finds an vulnerability in XP they’ll be able to exploit it for ever.
It also means that the fixes that will be coming out for Windows 7 and 8 may end up helping hackers to zoom in on exploits in XP.
After all, a lot of code in the current versions of Windows has been carried forward, albeit with modifications, from XP.
Anyone who doubts the possibility that forthcoming fixes might act as “exploit signposts” for XP should take note of Apple’s recent troubles with SSL/TLS.
An important security fix for iOS got people asking, “Hey! I wonder if this hole is in OS X as well?”
It very quickly became obvious that OS X had exactly the same bug…