What does the end of support of Windows XP mean for Windows Embedded?

Posted By Dave Massy
Senior Program Manager

As many of you are probably already aware — and as my colleague Barb Edson explained in a blog post last April — Windows XP reaches End of Support on April 8, 2014, which is just a few weeks away. As a result, there will be no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. Please click here for more details.

This is a significant event for Windows, and it also has implications for Windows Embedded products that are based on the Windows XP operating system.

Windows Embedded products have their own distinct support lifecycles, based on when the product was released and made generally available. It is important for enterprises to understand the support implications for these products in order to ensure that systems remain up to date and secure. The following Windows Embedded products are based on Windows XP:

  • Windows XP Professional for Embedded Systems. This product is identical to Windows XP, and Extended Support will end on April 8, 2014.
  • Windows XP Embedded Service Pack 3 (SP3). This is the original toolkit and componentized version of Windows XP. It was originally released in 2002, and Extended Support will end on Jan. 12, 2016.
  • Windows Embedded for Point of Service SP3. This product is for use in Point of Sale devices. It’s built from Windows XP Embedded. It was originally released in 2005, and Extended Support will end on April 12, 2016.
  • Windows Embedded Standard 2009. This product is an updated release of the toolkit and componentized version of Windows XP. It was originally released in 2008; and Extended Support will end on Jan. 8, 2019.
  • Windows Embedded POSReady 2009. This product for point-of-sale devices reflects the updates available in Windows Embedded Standard 2009. It was originally released in 2009, and extended support will end on April 9, 2019.

We know enterprises are concerned about what this means for continued support, particularly when it comes to the availability of security updates for the software that underlies many existing devices. The following are notes on some common questions.

What is covered by Extended Support for Windows Embedded products?
Critical security updates are made available for products until the published Extended Support end date. This allows enterprises to ensure that they are up to date in protection against security attacks. These updates will continue to be made available through the usual channels of MyOEM, Windows Embedded Developer Update and Microsoft OEM Online, as well as through Windows Update for point-of-sale systems. 

What does this mean for other parts of the system?
While most of the Windows Embedded operating system will continue to receive critical security updates, it is important to ensure that other parts of the system that are not part of the operating system are also kept up to date, and that protections are in place. This includes items such as software included on the device, antivirus solutions and management solutions on the device, as well as throughout the IT infrastructure. Check with the providers of all parts of the infrastructure to ensure that they will continue to offer support for XP-based platforms. Microsoft will continue to provide anti-malware definition updates to those operating systems licensed to run our anti-malware products through their end-of-life dates.
Updating is only one part of being secure
As attacks become ever more sophisticated, it is clear there is no single solution to ensure a system is secure. There is excellent advice at the Security TechCenter on keeping a system secure.

Improved security with newer versions of Windows
It’s also worth noting that the security protections in Windows have evolved significantly since Windows XP was released. For example, the integrity mechanisms available in later versions of Windows support features such as User Account Control and IE Protected mode by restricting access to processes, files and registry keys. The best form of defense is to use newer versions of Windows Embedded, such as the recently released Windows Embedded 8.1 Industry. Windows 8.1 includes a number of security improvements, including secure and trusted boot to ensure that a system is not tampered with during the boot process.

You can learn more about the lifecycle and support for specific Microsoft products here.