Microsoft is releasing its first round of Patch Tuesday updates without Windows XP today – despite new stats showing one in six British PCs are still vulnerable.

Microsoft releases a regular set of security and stability updates on the second Tuesday of every month. Now for the first time, this month’s patching exercise doesn’t include XP – and that could leave many users vulnerable, with security firm Secunia reporting that one in six PCs in British homes still runs the old version of Windows.

According to Secunia’s stats, XP was installed on 23% of UK PCs in 2013, although that fell to 19% in January 2014. The looming end of life didn’t scare many users, with use falling only one point to 18% a week after support ended, and to 17% after two weeks.

So many users still on XP is a problem, as many of the flaws Microsoft patches in Vista, Windows 7 and 8 will still affect XP – giving hackers an easy route to reverse engineer their way to a vulnerability.

“Come Tuesday, Microsoft will be patching some vulnerabilities in Windows, and it is realistic to assume that at least one of these will also affect Windows XP,” said Kasper Lindgaard, Director of Research and Security at Secunia. “That means we can expect to see exploits in the wild for vulnerabilities in XP.”

“Generally speaking, newly discovered vulnerabilities in XP will be unpatchable for private users, and therefore we will see a rise in attacks,” Lindgaard added. “XP users will in future basically be ‘free-for-all’ to hackers, who can create and use exploits at will.”
“Additionally, future patches to the other Windows operating systems will be reverse engineered by hackers, seeking to discover which vulnerabilities were fixed by Microsoft, and subsequently – if applicable – modified to work against Windows XP,” he added.
While April’s Patch Tuesday was the last to feature XP, Microsoft did more recently release an out-of-band patch for an Internet Explorer flaw that also covered the ageing OS – but stressed users shouldn’t expect it to happen again.