Those who’re still running Windows XP are about to face a substantially higher level of risk now that Microsoft’s first Patch Tuesday since end of support has passed. Yesterday’s update saw several critical vulnerabilities patched in Windows Vista, Windows 7 and Windows 8, and at least half of them are thought to affect XP, which didn’t receive the patch.

Also at risk are Microsoft Office 2003 users. That product also stopped receiving updates in April, and later versions of Office received two updates yesterday. According to ZDnet, Office 2003 is likely to be affected by one of these, although the vulnerability is described as “non-critical”.

A third Microsoft product, SharePoint Portal Server 2003, also saw support cease at the end of last month. As a result, it could now be left open to three critical vulnerabilities that were patched in SharePoint Server 2007, 2010 and 2013 versions, plus SharePoint Designer, SharePoint Server 2013 Client Components SDK, and Office Web Apps.

Microsoft says cybercriminals are already exploiting three of these vulnerabilities in the wild, while a fourth has now been publicly disclosed. The most critical of these is MS14-029, which is described as “almost certainly” affecting Windows XP.

Patch Tuesday is a crucial milestone because it arms hackers with everything they need to be able to exploit these security flaws on Windows XP. Cybercriminals can compare the system image of more recent Windows operating systems like Windows 7, and then cross-reference this with Windows XP’s code to deduce if it is also vulnerable. Once they’ve found a flaw, it’s relatively simple for an experience coder to write an exploit for Windows XP machines.

“Before Microsoft stopped pushing patches to XP, it was rare for an update to fix one or more newer editions of Windows, but not patch XP at the same time,” noted Computerworld.

But Microsoft has moved on from Windows XP, and there’s an urgent need for customers to do the same. It’s believed that something like a quarter of all PCs are still running XP, and with about half of these vulnerabilities affecting the OS, the risk of these machines being hacked or hijacked has never been greater than it is now.

photo credit: Kurt Christensen via photopin cc