Patch Tuesday sounds the death knell for Windows XP

So this is it.

The big one.

We’ve had false starts before, but this time Microsoft really *are* going to tell the world about security vulnerabilities in Windows and *not* patch them in XP.

As soon as Microsoft releases its regular bundle of security patches on Tuesday at approximately 10:00 am PDT, the clock starts ticking.

Because malicious hackers and penetration testers will be exploring how they can reverse-engineer Microsoft’s fixes in more modern versions of Windows to see if they can be exploited on the no-longer-supported Windows XP.

And, trust me, although the numbers are falling – there are still plenty of home users and businesses running computers on Windows XP.

It may be that they are still running XP because they don’t have the cash to upgrade old computers to run the likes of Windows 7. It may be the people who own those computers are simply in the dark about the final death of Windows XP.

Or maybe the companies running those XP PCs are reliant upon a critical application that was written an eternity ago for Windows XP but never got updated, and the vendor who originally sold it to them has either gone out of business or no longer has the source code.

And, to be fair, if those computers rarely access the internet (if at all) or are heavily locked-down, then maybe it’s okay that they’re still running Windows XP. Although, ideally, they would still be upgraded and running a properly supported and regularly patched operating system.

But the clock will start ticking as soon as Microsoft releases its patches, and I would not be surprised at all if we see some people either try to get themselves some media exposure by showing how clever they were to get one of Microsoft’s latest vulnerabilities to work on XP, or exploit them for their own financial ends.

Microsoft says that this month’s Patch Tuesday will address vulnerabilities in .NET Framework, SharePoint, Microsoft Office, Internet Explorer and Windows in the form of eight bulletins – two rated Critical and six rated Important in severity.

Chances are that some of the fixes Microsoft has planned for Internet Explorer relate to vulnerabilities discovered during March’s Pwn2Own contest.

You can get a few more details (Microsoft doesn’t say too much in advance of the release of the Patch Tuesday updates for obvious reasons) in its advance notice, and it’s certainly very odd reading that page without seeing the words “Windows XP” mentioned once.

Whichever version of Windows you are running, do the right thing. If you’re running most versions of Windows that means rolling out the security patches as quickly as possible. If you’re still running Windows XP, it means moving forward with your plan to switch from the operating system to something better at the earliest, safest opportunity.

Oh, and don’t forget. Security holes aren’t just the domain of Microsoft.

As Lumension’s Russ Ernst wrote a few days ago, Microsoft will be joined on Patch Tuesday by Adobe – which will be releasing highly critical security patches for Reader and Adobe Acrobat at the same time.

This article originally appeared on the Lumension blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts.
