An interesting article from ComputerWorld.com‘s Security Section:
Hackers could find themselves in the catbird seat on April 8, 2014 — the day Microsoft plans to stop patching Windows XP. As security expert Jason Fossen sees it, those who have zero-day exploits for XP will bank them until that day and then sell them to crooks or loose them themselves on unprotected PCs.
It’s simply economics at work, said Fossen, a trainer for the SANS Institute since 1998.
“The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft’s response,” said Fossen. When a new vulnerability — dubbed a “zero-day” — is detected, Microsoft investigates, pulls together a patch and releases it to XP users.
But the price will go up when Microsoft stops patching its aged operating system.
Fossen acknowledged that there really aren’t any precedents to back up his speculation, because the last time Microsoft retired an operating system was in July 2010, when it pulled the plug on Windows 2000, which wasn’t nearly as widely used as XP is.
Read more here.