After that, they could look at Windows XP for the same or similar code, possibly locate the vulnerability, and then write an exploit that will allow them to compromise the PC and plant malware on it.
Sounds far-fetched. How likely is that?
No one knows. But hackers often use the code-comparison technique — the difference between pre-patch and post-patch — to help them focus on the most-likely file or component with the bug.
How is this any different than when any other edition of Windows leaves patch support?
Unlike earlier Windows retirements, XP maintains a huge presence among computer owners worldwide. According to Web analytics company Net Applications, XP accounted for about 28% of all personal computer operating systems used to go online in March, and about 31% of those running one flavor or another of Windows.
It's the size of the pool still running XP that matters, not that there are people who continue to rely on the old OS.
I've heard that Microsoft will continue patching Windows XP, but that you have to pay. Any truth to that?
Sort of. While the general public will see no more patches after Tuesday, the largest customers can participate in what Microsoft calls "Custom Support," an after-retirement contract that provides patches for all vulnerabilities rated as "critical," the most serious ranking.
According to analysts, a Custom Support contract runs about $200 per PC for the first year and more each succeeding year. The U.K. government, for example, paid Microsoft more than £5.5 million (approximately $9.2 million) for Windows XP, Office 2003 and Exchange 2003 patches for the next 12 months.
Custom Support isn't available to consumers, or to smaller businesses.
Is Windows XP the only software heading into retirement?
No. Also slated for the guillotine is Office 2003, the productivity suite that launched — you guessed right — in 2003. Although it would behoove you to distance yourself from Office 2003 — Microsoft will, for example, patch one flaw in Word 2003 later today — there seems to be little concern, either on the part of Redmond or customers, about Office 2003's impending retirement.
I use Internet Explorer on Windows XP. Microsoft's going to keep patching IE, right?
Ah, no. When Microsoft says it won't patch Windows XP, it really means it: After Tuesday, it will not fix flaws in any version of IE that runs on the OS. That's IE6, IE7 and the newest suitable for XP, IE8.
You might think that's strange: After all, IE8 runs on Windows 7, and Microsoft's not putting that out to pasture. And you would be right. IE8 will get patches on Windows 7 until the operating system is retired, which isn't until 2020.