If, and that is a big if, there are 2,000,000,000 desktop PCs in April 2014 and 13.75% of those are running Windows XP, there should be around 275,000,000 PCs still lingering on XP. Also, I think if these are going to be a viable attack target they will have to be running something other than IE8. It will be a significant effort to locate something in a third-party browser to only attack 14% of the machines available to you. It would make more sense for an attacker to spend their efforts on the 86% of the rest of the Internet. I am not saying it won’t happen, but I think if you are trying to maximize your output for your work, this is not the place to spend it.
Now, if there was an attack that did target IE8, maybe something someone has been sitting on for several years, what does that look like?
If we do what we did before and just trend the line out, you end up with 3.1% of machines running XP still running IE8. So that is 8,525,000. That number to me is nothing significant in the overall threat environment of the internet. If everything carries on the way it has, Windows XP machines will account for 0.42% of active machines on the internet.
I also personally think that these numbers will turn out to be too generous. I think that they will be almost half of what I currently estimated, with all of the sources of pressure to leave XP, and hopefully others will have aged to a point where they will just cease to function. The security impact of XP throughout 2014 and beyond should be minimal.
I can think of a few things in 2013 and by 2014 that will be leading causes of concern, like mobile devices, tablets, and smartphones. Next I will see if we can figure something out with these.