Simplified way of Understanding Risk of Windows XP system

vulnerabilities in windows xp

Back in those days when XP was introduced, it completely overhauled windows 98 with new graphics and functionality. Currently, Windows XP has become 16 years but it has not lost its popularity, we can still see windows XP in different kinds of organizations, especially in government organizations in Nepal. I have observed, government employees, playing Solitaire while we waited in line for hours. According to, Windows XP is still running on 3% of all desktops.

Key Vulnerabilities

There is no support for XP by Microsoft since April 8, 2014. So, Windows XP computers are more vulnerable to information security threats. Hence, came the Ransomware attack which was in the headlines in May 2017. This is not the end of it, we will most likely hear more security attacks on XP machines in near future also. Further, this will lead the Windows XP machine to be the target of Zero-Day exploits as when windows launch any security patches for its operation system, exploiters will figure out what vulnerability is fixed by that patch and then launch with launch their exploit on Windows XP machines.

There are many vulnerabilities found in Windows XP like buffer overflow of internet explorer and easy targets of different malware. The major key security threat in XP was that the administrator account had unlimited privileges.

I have made the following video to show how windows machines can be exploited using these vulnerabilities. In this video, I have used different techniques to attack windows XP machines to show you how vulnerable these machines are. The two techniques related to buffer overflow attack: memory flaws of Internet Explorer 6 and another well-known flaw of SMB protocol. The third one is the Man-In-Middle attack. The final one is related to deploying Trojan or backdoor.


Why Use of XP so prevalent

As discussed earlier, the Windows XP machines are still being used largely in various types of the organization. Why is the reason for being so? The main reason is the usually in a government organization, once they purchase a desktop, they will not replace it until and unless it turns to scrap material. During the Window 98 era, more organization were in manual mode, most of these institutions did not use the computer for day to day work. When they did gradually started to upgrade them, they got stuck on XP and then decided not to upgrade at all. Up-gradation requires a lot of effort and time.

Microsoft launched Windows Vista after the success of Windows XP, however, it failed miserable. As per Wikipedia, Vista was expensive, the current user hardware system was not able to support that product and other legal issues to name a few. Due to the mass failure of windows VISTA, the user uninstalls that operating system and switch back to Windows XP.


The only way to protect yourself is to upgrade window XP with the latest version windows system. There is no other option. However, if you still need to use Windows XP then the following solution may be adopted.

  1. Segregate the network in which the XP machine is installed. This network should be protected by a strong firewall to control the traffic going inside and outside the network.
  2. The main problem with XP was that its’ administrator had unlimited privileges. Therefore, such accounts should be strictly controlled and monitored.
  3. Finally, to emphasize again, this kind of system should be upgraded as soon as possible. Because in coming future new vulnerabilities are likely to discover and exploits will be made to compromise these kinds of vulnerabilities.

Thank you for reading. If you have found it useful, please do share.