Microsoft warns of Windows XP zero day vulnerability
Redmond urges businesses to migrate to Windows 7 or 8 to avoid zero-day flaw.
Microsoft continues to urge Windows XP users to upgrade to either Windows 7 or Windows 8 before support for the older operating system ends in 2014.
When support for Windows XP ends in April 2014, systems running the OS will effectively have a 'zero date' vulnerability forever, warned Tim Rains, a director of Microsoft's Trustworthy Computing group.
"When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update," Rains noted in a blog post entitledThe risk of running Windows XP after support ends April 2014'.
"But after April 8, 2014, organizations that continue to run Windows XP won't have this advantage over attackers any longer."
Rains claimed hackers will reverse engineer updates in the first security package released after XP is no longer supported as soon as it is issued and attempt to apply them to the older operating system.
"Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a 'zero day' vulnerability forever," he said.
"As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago. But ... the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see," Rains added.
Microsoft began a countdown for the end of Windows XP support in July 2011. With one year to go before the end of support, on 8 April 2013, the company also warned 600 million PC users would be at serious risk if they did not upgrade to a more recent operating system.
However analyst house Ovum said in users should not feel pressured to upgrade to Windows 7 or 8.
"If we assume that Windows XP systems have the latest patches, fixes and up-to-date security software installed ... there is no reason to believe that life after [April 2014] will be any different than before," Richard Edwards, principal analyst at Ovum said.
Nevertheless, Rains concluded his blog post by warning "organisations need a level of certainty about the integrity of their systems. Minimising the number of systems running unsupported operating systems is helpful in achieving that".
B2B under quarantine
Key B2C e-commerce features B2B need to adopt to surviveDownload now
The top three IT pains of the new reality and how to solve them
Driving more resiliency with unified operations and service managementDownload now
The five essentials from your endpoint security partner
Empower your MSP business to operate efficientlyDownload now
How fashion retailers are redesigning their digital future
Fashion retail guideDownload now