Microsoft will "draw a line in the sand" come April 2014 when Windows XP exits support, security researchers said today, even if millions of customers are still running the aged OS and a zero-day bug threatens the Windows ecosystem.
Or maybe not. Other experts believe Microsoft will have no choice but to continue supporting XP.
Windows XP, now in its twelfth year, is slated for retirement on April 8, 2014. After that date, the ancient OS will receive no further security updates or bug fixes, except to enterprises that pay for high-priced support contracts.
PCs running XP will not suddenly stop working, of course, but they will be at risk to attacks exploiting vulnerabilities uncovered -- and patched for other editions of Windows -- from that point on.
Michael Cherry, an analyst with Directions on Microsoft, a Kirkland, Wash. research firm that focuses solely on Microsoft, posed a scenario.
"Suppose we get to a date post the end of Extended support, and a security problem with XP suddenly causes massive problems on the Internet, such as a massive [denial-of-service] problem?" asked Cherry. "It is not just harming Windows XP users, it is bringing the entire Internet to its knees. At this time there are still significant numbers of Windows XP in use, and the problem is definitely due to a problem in Windows XP. In this scenario, I believe Microsoft would have to do the right thing and issue a fix ... without regard to where it is in the support lifecycle."
Microsoft has already extended XP's lifespan. In early 2007, Microsoft gave XP a reprieve, adding support time to Windows XP Home and XP Media Center to match the date already set for Windows XP Professional.
By the time Microsoft pulls the XP plug, it will have maintained the OS for 12 years and 5 months, almost two-and-a-half years longer than its usual practice and a year longer than the previous record holder, Windows NT, which was supported for 11 years and 5 months.
Cherry isn't the only one who figures Microsoft will again pardon XP.
"I don't think they'll stand firm on this," said Jason Miller, manager of research and development at VMware. "What if XP turns out to be a huge virus hotbed after support ends? It would be a major blow to Microsoft's security image."
In Miller's scenario, like Cherry's, the assumption is that vulnerabilities will continue to be uncovered -- either by legitimate researchers or cyber criminals -- that will affect not only XP, but other, still-supported editions. If hackers roll out successful exploits that hijack XP PCs because a patch was not forthcoming, those machines could, in turn, infect systems powered by newer versions of Windows.
Sign up for CIO Asia eNewsletters.