It's finally here. After 12 years, 6 months, and 12 days on the market, Windows XP has hit its end of life. It will receive its last ever set of patches on Windows Update today (or "Woo" as Microsoft remarkably pronounces it internally), and for the most part, that will be that. Any flaws discovered from now on—and it's inevitable that some will be discovered—will never be publicly patched.
How bad is this going to be? It's probably going to be pretty bad. By some measures, about 28 percent of the Web-using public is still using Windows XP, and these systems are going to be ripe for exploitation.
While we can hope that personal firewalls and NAT systems will prevent any kind of Code Red or Nimda-style self-propagating worm from infecting these systems, exploitation through the likes of malicious e-mail attachments, Office documents, USB keys, and browsers is inevitable.