Gregg Keizer in Computerworld quotes Secunia's Kaspar Lindgaard making a case that I've been making for a while, that "Patch Tuesday" will be a boon for hackers looking for XP vulnerabilities. We'll get a test of the hypothesis tomorrow, when Microsoft releases 8 new security updates. The reasoning is that many vulnerabilities patched in Windows 7, Windows 8.1, or the various Windows Server operating systems were carried forward from code lines in XP. The patches and accompanying security bulletins give attackers a roadmap for finding the vulnerabilities in XP that will never be patched.
If our reasoning is correct, we will see an uptick in zero-day attacks against XP. I'd like to be wrong, but really, the best advice is to get off of XP as quickly as possible. Consumers have no reason to wait. Enterprises should follow advice we've given before on how to mitigate the risks of an unfinished migration.
About Andy Sherman
Andy Sherman, Eden Technologies’ security practice lead, has a PhD in physics from Rensselaer Polytechnic Institute and started his career in the academic world. He then went to AT&T Bell Laboratories, where he discovered the power – and hazards – of large distributed computer networks. It was also at Bell Labs, during the early days of the Internet, that Andy became interested in the security problems associated with public networks. From Bell Labs, Andy moved to the financial services industry. There he worked on a large range of infrastructure design, deployment, and management projects, but is best known for his 15+ years in information and technology security.