By Gregg Keizer
Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April, a security expert argued today.
Jason Fossen, a trainer for SANS since 1998 and an expert on Microsoft security, said it’s simply economics at work.
“The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft’s response,” said Fossen. When a new vulnerability—dubbed a “zero-day”—is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.