XP EOS – Guidance for Small/Medium Businesses and Individual Consumers

I just checked the time, and as I write this post we still have 10 hours of support. By the time you read this, the timer will have reached 0.


That means that updates, including security updates, will no longer be provided for Windows XP from Microsoft.

Microsoft’s current lifecycle policies for support include:image

  • 10 years of support (5 years Mainstream Support and 5 years Extended Support) at the supported service pack level for Business, Developer and Desktop Operating System products
  • 5 years Mainstream Support at the supported service pack level for Consumer and Multimedia products
  • 4 years Mainstream Support for Consumer Hardware products

Please refer to Microsoft Support Lifecycle page for more details.

Thoughts to Consider

I have heard from a lot of people telling me that they will still keep using their XP because as “they” say, it’s the best OS for them.  In this scenario, items that should be taken in consideration include:

  • Are their XP machines domain joined?
  • Does their imaging process produce local Administrator passwords that are all the same?
  • Does their Domain Admins use their credentials to browse the web & check email on XP machines?
  • Do they have any Service Accounts running with Domain Admin?

According to the Microsoft Security Blog

The types of attacks that we expect to target Windows XP systems after April 8th, 2014 will likely reflect the motivations of modern day attackers.  Cybercriminals will work to take advantage of businesses and people running software that no longer has updates available to repair issues.  Over time, attackers will evolve their malicious software, malicious websites, and phishing attacks to take advantage of any  newly discovered vulnerabilities in Windows XP, which post April 8th, will no longer be fixed.

The Microsoft Security Blog also identifies additional possible risks that include:

  • Surfing the internet
  • Opening email and using instant messaging (IM)
  • Using removable drives
  • Worms will use any newly discovered vulnerabilities to attack windows XP
  • Ransomware

Infection rates

The following chart shows the encounter rate in comparison to the infection rate by operating system and service pack. The thing to keep in consideration is that while the encounter rate is similar across all Windows offerings, Windows XP could potentially pose a larger infection rate.

infection rate

*The charts above are based on existing data to date of the source, and do not anticipate additional effects of post-support Windows XP encounter and infection rates. Source: http://blogs.technet.com/b/mmpc/archive/2013/10/29/infection-rates-and-end-of-support-for-windows-xp.aspx

So What Should You Do?

There are ways to manage some of the risks of running Windows XP post April 8.  However, none as good as upgrading to a supported platform. So our best guidance is clear: the best option is to migrate to a modern operating system like Windows 7 or Windows 8.  If you’re still rocking the XP, start by visiting  AmIRunningXP.com, a website that provides guidance on how to upgrade.

stay tuned!



Pierre Roman | Technology Evangelist
Twitter | Facebook | LinkedIn

Comments (2)

  1. Robert says:

    Nice job Pierre.

  2. bill says:

    Well put and yes, the best thing to do is to upgrade to a supported operating system.

Skip to main content