Yes, you *can* still get Windows XP security updates after April 8th. But it will cost you £5.5 million

Windows, British-styleSo, Microsoft was telling us fibs all along.

It turns out that when they said, way back in 2007, that they would no longer support Windows XP after April 8th 2014, and that no more security updates would be made available, they weren’t actually telling the truth.

It appears that you *can* still get Windows XP security updates… albeit at a slightly hefty price.

Yes, the UK Government is paying Microsoft over £5.5 million of taxpayers’ money to receive support and security updates for a further 12 months, while the rest of the country will be left with the choice of sticking with a vulnerable operating system or having to splash out on new software and (perhaps) more modern hardware.

Sign up to our free newsletter.
Security news, advice, and tips.

Computer Weekly report Bryan Glick broke the story:

The government has signed a deal with Microsoft to provide Windows XP support and security updates across the whole UK public sector for 12 months after regular support for the operating system ends on 8 April.

The agreement is worth £5.548m, and covers critical and important security updates for Windows XP, Office 2003 and Exchange 2003, all of which have reached end of life in Microsoft’s normal product cycles.

One condition for any public sector body wishing to take advantage of the extended support is that they have a “robust plan” in place to move off Windows XP, Office 2003 and Exchange 2003 within a year.

You would have hoped, wouldn’t you, that with seven years’ notice of the demise of Windows XP they would already have a “robust plan” for switching to a more modern operating system.

The Crown Commercial Service (CCS), which haggled the deal with Microsoft, claims it will save £20 million in the next 12 months as a result.

Sarah Hurrell, commercial director for IT and telecoms at the CCS, declined to give figures for just how many UK government PCs are still running Windows XP, but it has been estimated that 85% of the approximately 800,000 PCs in the National Health Service were still running Windows XP as of September 2013.

Stating the blinding bleeding obvious, Sarah Hurrell says: “The NHS is very grateful for this deal.”

A £20 million saving, eh? One wonders what kind of saving the British government could have made with an even bigger deal. Maybe, rather than just securing updates for its own computers, and those of public bodies, it could have negotiated a “site license” with Microsoft for the entire country.

BritanniaYes, wouldn’t that be marvellous? Imagine if the entirety of the United Kingdom of Great Britain and Northern Ireland had been given a wonderful present of XP security updates for another 12 months.

Not only might that have been a vote winner for those businesses and consumers with older computers who are wondering how they’re going to handle the security update shut-off for XP, but maybe it would have even boosted the economy?

Picture it, all of us Brits could have benefited from economic tourism as people around the world flocked to our shores to sit in a Marks & Spencer restaurant, drinking PG Tips, and downloading their Microsoft Windows XP security patches, as purchased by the British Government.

It doesn’t sound like that’s going to happen though. So, maybe the best we can hope for is that some charitable soul will be a little bit naughty and shove any security updates he downloads onto his NHS PC into a downloadable torrent as a favour to other XP users.

But seriously, as soon as you can, ditch Windows XP. It’s time to say goodbye.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Yes, you *can* still get Windows XP security updates after April 8th. But it will cost you £5.5 million”

  1. BitterReality

    How sad that in the 7 yrs since announcing they were going to shoot XP an operating system hasn't materialized out of the cloud that actually works, is secure and isn't obscenely expensive.

    1. Coyote · in reply to BitterReality

      There really is no such thing as "a secure operating system", not in the truest sense of the words. and there never will be. Even an out of the box hardened operating system (e.g., OpenBSD) could be made insecure (certainly less secure, even by adding a service to the system is one more attack vector) simply by an administrator making a mistake in a configuration file, a mistake somewhere else in the network – or system … – or in fact being a victim of malware (let's remember folks that the first major worm – and we're talking late 80s, not 90s, not 2000s – hit Unix systems through _multiple_ and _different_ services having flaws – and naturally they were not the same flaws as the services were completely unrelated to each other – and therefore no, even Unix is not completely secure and no system ever will be). On the part of price, well, there's definitely free alternatives that ARE good, stable (much more so than Windows) and secure (take two people: one a long time security researcher and one an average user. Now, who do you think will have the most secure of the same OS and same software? Exactly: the one with experience) as they can be, given the people using them (it really comes down to the user a majority of the time). The problem is users unwilling to learn them. But who is at fault there? The users yet again. I do know of some corporations who actually do use free operating systems but they are of the minority and that is much to the companies (that don't use them) loss (not considering potential training costs of course… though, some of the free alternatives are also somewhat dumbed down that really there shouldn't be a need to do much training for normal office work).

      So [you] can complain all you want about price but it really isn't a for-profit (e.g., Microsoft) company's fault (and I loathe Microsoft almost as much as I do Apple but what do you expect? They're there to make money. Also, things change over time and Windows XP is ancient in computer standards, so really it would be MS losing money… that they gave seven years warning is beyond what should be expected – and again I very much dislike MS).

      As for actually works, well, again, as I already noted: that comes down to the user especially if you add all your variables up (since the most stable tend to be open source and free and the fact they are the most stable is for good reason. Yes they have flaws but they are fixed very quickly once noticed… no needing to insist on it – they'll do it like responsible programmers do… this essentially takes money out of the equation but I'll pretend that isn't the case). Besides, something else I pointed out is: let's assume you had all the money in the world and you didn't find Windows expensive. Okay, my understanding is the newer versions of Windows are much more stable and capable than the previous versions. So works is marked off as OK. Money isn't an issue so that is marked as OK. Then, as for security, an experienced user could make a Windows system more secure than an inexperienced user could make a Unix system. In fact, I would be willing to bet that the inexperienced user would end up making the Unix system _less_ secure than it started with while the experienced user will make the Windows system _more_ secure than it started with. And I mean bet by money. And I never bet unless I know I'll win! So the only one that really can be complained about is nullified by the very fact that humans create, destroy and use whatever comes in their path, however they see fit (or in the case of drugs and certain illnesses, how the drug and/or certain illnesses see fit).

      Shortly: it always comes down to the fact that the weakest chain in security (and pretty much everything, actually) is the humans involved (whether multiple humans who cannot get along or work as a team, or an individual… all of that is irrelevant in the end).

  2. If there are 800,000 XP Pcs in the NHS alone £5.5 million sounds like a bargain! I'd pay a fiver for a year of XP support.

    I wonder how much of the taxpayer's money it would take to upgrade the uncounted PCs to the current Windows?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.