Microsoft's 'custom' Windows XP patches: Not a panacea

Who is still running Windows XP and why? If you're not a large customer with a Premier Support contract, don't count on custom security patches after April 2014.
Written by Mary Jo Foley, Senior Contributing Editor

I've been seeing a few posts over the past week that may be giving some Windows XP users false hope that they will still be able to get patches for the operating system after April 8, 2014.


I think it was this statement from a Microsoft spokesperson that may have raised some expectations.

"After April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Third parties may provide ongoing support, but it’s important to recognize that support will not address fixes and security patches in the core Windows kernel. If an organization continues to use Windows XP and purchases Custom Support, they will receive critical security updates as new threats are discovered, along with technical support through their Premier contract." (Emphasis mine.)

It's worth repeating these patches aren't for everyone, or, in fact, almost anyone. To get these custom patches, users need an active Premier Support agreement, a Microsoft spokesperson reiterated. On top of that, you need to purchase Custom Support. The combo is costly. For many, other than those in Fortune 500 companies, who are still running Windows XP, it's probably outside the realm of possibility.

In case you were wondering, this kind of custom support option isn't new. Microsoft also made custom patches for XP SP2 available to those with Premier Support contracts when SP2 was moved to end of support (EOS) in 2010.

Why are users still running Windows XP?

But back to the kinds of customers who are holding onto Windows XP in spite of potential new vulnerabilities which may arise after Microsoft stops making all patches -- including security patches -- available after April 8 , 2014. Who are those in the 35-plus percent group plus running XP as their desktop OS?

I asked readers recently to explain why they aren't willing and/or able to get off XP. I heard back from a number of individuals via email, in addition to the answers sprinkled through the hundreds of (sadly, mostly off-topic) comments on this post.

As has been noted numerous times before, a number of those still running Windows XP in their organizations are doing so because they have written custom, internal-facing applications that are dependent on IE 6. Some of these shops also are running custom-built apps that don't use IE, but which they have not had time/money to rebuild to run on newer versions of Windows.

There are others who say they do not have the money to buy new software and hardware. This includes retirees; some government users, noting their organizations and agencies haven't got funds to upgrade; and others who are just going to keep running XP machines until they die.

I heard from one user who said his XP PC is not connected to the Internet, so he feels no need to upgrade. I heard from a couple of folks who said they are counting on their firewall and security software, coupled with common sense, to protect them once Microsoft stops issuing security patches. And I heard from more than a few users who cited their dislike of Windows 8 as a reason to avoid moving off XP -- despite the fact users still can find PCs running Windows 7.

Microsoft has made it clear to its reseller partners that one of their biggest priorities in fiscal 2014 should be to get XP users to migrate to a more recent version of Windows. Microsoft recently warned XP users they'd risk being in a "zero day forever" state after April 8, 2014.

All this said, there won't be any kind of global meltdown happening on April 9, 2014. PCs running XP won't just stop working or burst into balls of flame. However, it's still worth noting, things will likely get worse for XP users over time, as ZDNet's Larry Seltzer noted. With no more security patches for XP, one important layer of defense will be weakened. Windows XP users will put more stress on antivirus software and firewalls as long as they continue to remain on the OS.

Editorial standards