Microsoft extends XP security updates by 15 months

Microsoft has caved in to user concerns over Windows XP end of support, and will now extend security updates for the legacy operating system by 15 months.

In a blog post, the software giant wrote: “To help organisations complete their migrations, Microsoft will continue to provide updates to our anti-malware signatures and engine for Windows XP users through July 14, 2015.”

Experts have estimated that as many as 10% of the PCs in mid-sized and large organisations will still be running XP after April 2015.

As such, Microsoft said it will continue to provide security updates for System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP and Microsoft Security Essentials.

But these updates will only be made available for a further 15 months after 8 April 2014.

The updates should help IT departments keep XP secure while they migrate to a newer operating system.

Speaking to Computer Weekly prior to Microsoft's change of heart, Gartner research director and vice-president Stephen Kleynhan said: “The key thing to do is limit the opportunities for new malicious code to get onto those devices, then harden them so that, if they are exposed, there is some line of protection.”

Even with another 15 months of security updates, users will still need to ensure their machines are as secure as possible. 

Gartner recommends IT departments segregate their corporate local area network, so the XP-based PCs live on a private network. This will limit the extent to which a hacker can use a compromised XP machine to gain access to the wider corporate network.