XPocalypse, not now

Two months after Microsoft ended support for Windows XP, the catastrophic wave of exploits security experts expected to wash over the aged operating system have failed to materialise.


Two months after Microsoft withdrew support for Windows XP, the catastrophic wave of exploits that security experts predicted would quickly wash over the aged operating system have failed to materialise.

Microsoft provided its last regularly-scheduled security updates for Windows XP on April 8, making only a single one-time exemption several weeks later when it patched a then-being-exploited vulnerability in Internet Explorer, including the browser on XP.

But widespread, extraordinary Windows XP-specific attacks have not unfolded. Or perhaps better put, if they have, they haven't reached a level where watchful security companies have noticed. And antivirus vendors are among the first to shout warnings, both for altruistic and self-serving reasons.

Instead, the malware landscape has been populated with the usual, an unfortunate run-of-the-mill blend of phishing attacks, exploit kits and ransomware.

That's not what some security professionals believed would happen.

"When someone discovers a very reliable, remotely executable XP vulnerability, and publishes it today, Microsoft will patch it in a few weeks," said Jason Fossen, a trainer for SANS and an expert on Microsoft security, in an August 2013 interview. "But if they sit on a vulnerability, the price for it could very well double. [So hackers] will be motivated to sit on them."

Fossen's thesis -- that cyber criminals would "bank" Windows XP vulnerabilities and put them to use only after April 8, 2014 -- was not his alone. Microsoft believed it, too.

Several times in the last 12 months, the Redmond, Wash. company warned Windows XP customers to get the lead out, ditch the creaky, leaky OS or face a certain surge in attacks. The most notable was in October 2013, when Tim Rains, director of Microsoft's Trustworthy Computing group, cited statistics from the firm's own telemetry to suggest that post-retirement Windows XP malware infection rates could jump dramatically.

So far, nothing.

"Recommended For You"

RSA security lapse in protecting Windows XP key to March hack Hackers find first post-retirement Windows XP-related vulnerability