Cybercriminals “saving up” wave of Windows XP attacks for when Microsoft stops support

Cybercriminals will unleash a wave of “zero-day” vulnerabilities to attack Windows XP machines after April 8, 2014, a security expert has claimed. Microsoft will stop releasing security updates for the OS on that date.

Criminals will “sit on” such vulnerabilities until that date to make more money from their exploits, according to Jason Fossen of security training company SANS.

At present, vulnerabilities are patched by Microsoft. After April, only companies paying for custom support will be protected – and up to a third of organizations are expected to still use Windows XP machines.

“The average price on the black market for a Windows XP exploit is $50,000 to $150,000 – a relatively low price that reflects Microsoft’s response,” said Fossen, speaking to ComputerWorld.

SOURCE: welivesecurity.com

Information Security Buzz