Just because Microsoft doesn't plan on giving Windows XP patches to the public after April 8, 2014, doesn't mean it's going to stop making those patches.

In fact, Microsoft will be creating security updates for Windows XP for months -- years, even -- after it halts their delivery to the general public.

Those patches will come from a program called "Custom Support," an after-retirement contract designed for very large customers who have not, for whatever reason, moved on from an older OS.

As part of Custom Support -- which according to analysts, costs about $200 per PC for the first year and more each succeeding year -- participants receive patches for vulnerabilities rated "critical" by Microsoft. Bugs ranked as "important," the next step down in Microsoft's four-level threat scoring system, are not automatically patched. Instead, Custom Support contract holders must pay extra for those. Flaws pegged as "moderate" or "low" are not patched at all.

"Legacy products or out-of-support service packs covered under Custom Support will continue to receive security hotfixes for vulnerabilities labeled as 'Critical' by the MSRC [Microsoft Security Response Center]," Microsoft said in a Custom Support data sheet. "Customers with Custom Support that need security patches defined as 'Important' by MSRC can purchase these for an additional fee.

"These security hotfixes will be issued through a secure process that makes the information available only to customers with Custom Support," the data sheet promised.

Computerworld