Bekker's Blog

Blog archive

Microsoft's Head Fake on Windows XP Support

Did Microsoft just blink on security support for Windows XP?

Windows XP's extended support phase officially ends on April 8. The company has used a lot of tough talk over the last few years to make sure that all customers know that deadline is coming and that it means that from April 9 onward, keeping Windows XP PCs online is an invitation to cyberattacks because there will be no more security updates from Redmond.

Beyond that, Microsoft has been running customer and partner campaigns with the messaging that no amount of patching would make the dozen-year-old Windows XP as secure as more modern OSes like Windows 7 and Windows 8, anyway.

Then comes the odd decision unveiled last week that Microsoft will continue to provide signatures for malware on Windows XP through July 14, 2015. Those signatures will be delivered through Microsoft security and management products like Forefront Client Security, Forefront Endpoint Protection, System Center Endpoint Protection, Windows Intune and the free Microsoft Security Essentials.

I'm concerned that Microsoft's least sophisticated customers will misinterpret this move as an extension of Windows XP support. It's not.

Security experts order the priority of security steps very clearly. It's operating system and application patches first, virus/malware protection software installation with regularly updated signatures second.

What Microsoft has not done is change its decision on whether to keep patching Windows XP after April 8. So far, all indications are that it won't -- and it will be open season for the creation of zero-day attacks for Windows XP. All that signature support through July 2015 won't help much with that. (See Kurt Mackie's in-depth report here for more.)

Microsoft's announcement of the decision acknowledged as much. "Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited," the Microsoft Malware Protection Center blog post stated. In explaining the strange decision, the blog post said the move was intended "to help organizations complete their migrations."

The bottom line is that Microsoft hasn't blinked on the most important part of Windows XP support. But it has done a head fake that's probably going to fool some of the reported 29 percent of remaining Windows XP users into thinking that it's OK to procrastinate a little bit longer.

The longer all those laggard organizations wait, the more dangerous the Internet is for them and, because of their infected zombie computers, for the rest of us.

Posted by Scott Bekker on January 22, 2014


Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.