Businesses should also consider disabling or blocking access to the USB ports on these PCs to prevent malware infections via external peripherals such as flash drives. "Connecting removable storage devices to Windows XP systems should be avoided," wrote Tim Rains, a director in Microsoft's Trustworthy Computing group, in a blog post in late March.
It's also key to place limits around Windows XP machines so that they can access only specific applications, data and resources on the business's internal network, and can be used to visit only hand-picked external websites. One way to constrain and isolate Windows XP is to run the OS in virtualized environments. End users shouldn't be allowed to connect to the corporate network using home Windows XP PCs.
This containment strategy should significantly reduce security risks, according to most experts.
It's hard to predict the extent and intensity of the fallout. "A year from now, we'll either have seen a massive set of attacks after support ended, or it all may end being a yawner because nothing happened," Gillen said.
However, the security trend for Windows XP isn't encouraging. In February, security firm Secunia reported that Windows XP security flaws doubled to 99 from 2012 to 2013.
What's clear is that any business with one or more critical applications that required special security precautions had time to either move off of Windows XP or take precautionary measures, Gillen said.
Should Microsoft be doing more?
Whether fairly or unfairly, Microsoft will find itself pelted with negative publicity if, in the coming six months or a year, malicious hackers ravage the large community of home and work Windows XP users.
"I wouldn't be surprised if the hacking community has been reserving exploits until after support ends," Forrester's Johnson said. Microsoft itself has predicted that crafty hackers will try to parse out future Windows patches and updates, attempting to identify equivalent vulnerabilities in XP.
It's clear the threat against Windows XP machines will grow with each passing day after the deadline. "This isn't Y2K, where that day passed and everything was fine," Silver said. "Here the risk increases as hackers have more and more time to discover vulnerabilities."
Asked about this, Microsoft's Murphy said the company cares about the potential impact to Windows XP customers, which is why it has been aggressively creating awareness about the deadline for years. "We're concerned and we want our customers to be safe," he said.
The backlash from that worst-case scenario could lead individual customers, and small and medium-size businesses in particular, to become disgruntled with Microsoft and seek non-Windows options, such as desktop Linux alternatives, the increasingly popular Chromebooks that run Google's Chrome OS, Apple's Mac OS laptops or desktops, or Android tablets and iPads.