News

Windows XP Support Deadline Does Not Apply to Embedded Systems

Most Windows XP Embedded versions will live on for a few more years, even as the Windows XP desktop OS loses "extended" support on April 8, Microsoft clarified this week.

Of the Windows XP Embedded OSes, only Windows XP Professional for Embedded Systems will lose extended support on the same day as Windows XP. That's because the Pro version is basically the same product as Windows XP for desktop computers, explained Dave Massy, a senior program manager on the Windows Embedded team, in a blog post.

The loss of extended support means that no more security patches will be issued by Microsoft for the OS, leaving systems potentially vulnerable to attack.

Two Windows XP Embedded products will lose extended support in 2016, while two others face 2019 end-of-life dates, according to the post:

  • "Windows XP Embedded Service Pack 3 (SP3). This is the original toolkit and componentized version of Windows XP. It was originally released in 2002, and Extended Support will end on Jan. 12, 2016."

  • "Windows Embedded for Point of Service SP3. This product is for use in Point of Sale devices. It's built from Windows XP Embedded. It was originally released in 2005, and Extended Support will end on April 12, 2016."

  • "Windows Embedded Standard 2009. This product is an updated release of the toolkit and componentized version of Windows XP. It was originally released in 2008; and Extended Support will end on Jan. 8, 2019."

  • "Windows Embedded POSReady 2009. This product for point-of-sale devices reflects the updates available in Windows Embedded Standard 2009. It was originally released in 2009, and extended support will end on April 9, 2019."

The "componentized" aspect of some embedded OSes indicates that independent software vendors have the option to reduce the footprint of the OS by excluding some of Windows XP's functions that don't fit the design criteria of a particular device. Reducing the footprint can aid security by enabling fewer avenues of attack. The embedded OSes also lack the Windows Update component, according to a Microsoft whitepaper (PDF), so the embedded OSes aren't subject to change as much as their desktop cousins.

Windows Embedded OSes typically get used for special-purpose devices or kiosks, including point-of-sale devices or inventory devices. They might not represent a typical attack object, although both Neiman Marcus and Target recently had point-of-sale device malware breaches. Possibly, the Target stores used Windows XP Embedded or Windows Embedded for Point of Service OSes, according to a Krebs on Security post. Many ATM machines used by banks also may be using Windows Embedded OSes.

In the meantime, the April 8 loss of extended support for Windows XP desktop computers is expected to be a major potential security problem for organizations. Microsoft has warned that using it after that date could subject organizations to perpetual zero-day vulnerabilities.

Windows XP for desktops still is widely used. The OS had a 29 percent market share measured back in January, according to Net Applications' data.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.