Microsoft has quietly slashed the cost of continuing to support Windows XP - including critical security patches - from £3 million to just £150,000 for major enterprises.
The question C-level executives will now be asking themselves is whether a support deal at this price is right for their organisation.
The figures certainly make for interesting reading. According to CBR, the Metropolitan Police in London has opted for a Microsoft Custom Support Agreement (CSA), since the vast majority (34,210) of its 34,436 desktop machines are running the Windows XP operating system.
The Met figures, issued in response to a Freedom of Information (FOI) request, mean that the London force is paying just £4.50 per machine for a year's Windows XP support - although it is important to note that the Microsoft CSA deal only covers critical updates, rather than the 'Patch Tuesday' arrangements that most XP users will be familiar with.
Unconfirmed reports also suggest that Microsoft has implemented a £120 per year per machine price tag for its CSA.
According to a report issued earlier this month by cloud security specialist Qualys, exposure to Windows XP amongst financial organisations is significantly higher than that of many other industries.
Analysing data gathered from its QualysGuard service, the vendor claims it found that 21 percent of scans in the financial industry were still operating Windows XP as of the start of April. This comes against a backdrop of Windows XP usage in the UK dropping substantially over the past twelve months, down from 18 to 8 percent averaged across all market sectors in the 12 months to April 1.
Commenting on the figures, Wolfgang Kandek, the firm's CTO, said that he and his team have seen a linear decline in use of XP over the past twelve months.
"But at current rates businesses will still be at risk for quite some time. We must remember that no matter how well a business does in reducing the percentage of machines using XP, just one machine is enough to leave a company vulnerable to attack," he explained.
Jaime Blasco, director of AlienVault Labs, meanwhile, said that it is not so much the end of Windows XP support that IT professionals should be worrying about, it's the "lazy and stupid" users who have never updated their XP machines in the first place.
"For example, in China over 50 percent still use XP and of those, 70 percent have never applied a single security update," he said, adding that this makes life easier for criminals.
Tim Keanini, CTO of Lancope, warned that end-of-life software - Windows XP included, following the withdrawal of active support on April 8 - will continue to work, but attackers will target it.
This, he explained, is because it is the best investment an adversary can make. "If they spend a week to develop a new exploit, they get to use it on expired technologies until the end of time, as no patches will ever fix it," he noted.
What if you cannot afford a CSA?
Many businesses - notably in the SME arena - may be unable to finance a £120 per machine annual support deal. For these users, the CESG has published some useful guidance on how to reduce the risk during the planned migration to another operating system, including Windows 7 and 8.
The GCHQ division advises that users should migrate away from obsolete software, as well as reducing the impact of compromise by preventing access to sensitive data - or services - from vulnerable devices, so that even if the devices are compromised, the damage will be minimised.
Businesses should also understand the need to control access to enterprise services hosting sensitive data and improve their ability to detect attacks.
And, says the advisory, "where Windows XP devices continue to be used within an organisation, it is strongly recommended that they be treated as less trusted devices and given constrained access as a result."
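The CESG advice above boils down to three practical steps: find the XP devices you still have, stop them reaching sensitive services, and be able to detect when they try. The script below is an added example, not code from CESG, Qualys or the article, showing one cheap way to do the first and third of those from logs you probably already collect. It parses web-proxy or intranet access logs in the common NCSA combined format, identifies Windows clients from the "Windows NT x.y" platform token that Internet Explorer and other browsers send in the User-Agent header (XP reports NT 5.1; NT 5.2 is shared by XP x64 and Server 2003, so it is flagged but labelled as ambiguous), measures the share of Windows hosts that are on obsolete releases, and lists every request from such a host to a path under the assumed-sensitive prefixes. It goes slightly beyond the article by treating Windows 2000 (NT 5.0) as obsolete too. The log lines, IP addresses and sensitive path prefixes are all constructed for the example.

```python
"""Flag obsolete Windows clients (XP and older) in access logs and detect them
reaching sensitive services.  Added example illustrating the CESG guidance on
constrained access for XP devices; not CESG's, Qualys's or the article's code.
Log lines are constructed; SENSITIVE_PREFIXES is an assumption for this demo."""
import re

# Windows NT kernel version -> marketing name, taken from the User-Agent platform
# token.  NT 5.2 is ambiguous (XP x64 or Server 2003), so it is flagged as such.
NT_VERSIONS = {
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "5.2": "Windows XP x64 / Server 2003",
    "6.0": "Windows Vista / Server 2008",
    "6.1": "Windows 7 / Server 2008 R2",
    "6.2": "Windows 8",
    "6.3": "Windows 8.1",
}
# Releases treated as "less trusted" per the CESG advice (NT 5.x: 2000, XP, XP x64).
OBSOLETE = {"5.0", "5.1", "5.2"}

# Assumed for this example: URL prefixes that front sensitive data or services.
SENSITIVE_PREFIXES = ("/payroll/", "/hr/", "/finance/")

# NCSA combined log format: ip ident user [time] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")

# Constructed sample log: two XP-era hosts, one Windows 7 host, one non-Windows client.
SAMPLE_LOG = """\
10.0.1.12 - - [09/Apr/2014:09:12:01 +0100] "GET /payroll/export HTTP/1.1" 200 4821 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.1.12 - - [09/Apr/2014:09:12:05 +0100] "GET /intranet/news HTTP/1.1" 200 1200 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.1.33 - - [09/Apr/2014:09:13:10 +0100] "GET /payroll/export HTTP/1.1" 200 4821 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.0.1.40 - - [09/Apr/2014:09:14:44 +0100] "GET /hr/records HTTP/1.1" 403 312 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)"
10.0.1.55 - - [09/Apr/2014:09:15:02 +0100] "GET /finance/reports HTTP/1.1" 200 900 "-" "curl/7.30.0"
"""


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_windows(user_agent):
    """Return the Windows NT version string from a User-Agent, or None if absent."""
    m = NT_RE.search(user_agent)
    return m.group(1) if m else None


def audit(log_text, sensitive_prefixes=SENSITIVE_PREFIXES):
    """Measure obsolete-Windows exposure and list sensitive-path requests from such hosts.

    Returns a dict with the number of Windows hosts seen, the obsolete ones,
    the exposure percentage, and (ip, os, path, status) tuples for each request
    an obsolete host made to a sensitive prefix (blocked attempts included,
    because an attempt is itself worth detecting)."""
    hosts = {}        # ip -> NT version most recently seen
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        nt = classify_windows(rec["ua"])
        if nt is None:          # non-Windows client or no platform token
            continue
        hosts[rec["ip"]] = nt
        if nt in OBSOLETE and rec["path"].startswith(sensitive_prefixes):
            label = NT_VERSIONS.get(nt, "Windows NT " + nt)
            findings.append((rec["ip"], label, rec["path"], rec["status"]))
    obsolete_hosts = sorted(ip for ip, nt in hosts.items() if nt in OBSOLETE)
    exposure = 100.0 * len(obsolete_hosts) / len(hosts) if hosts else 0.0
    return {
        "windows_hosts": len(hosts),
        "obsolete_hosts": obsolete_hosts,
        "exposure_pct": round(exposure, 1),
        "violations": findings,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"{report['exposure_pct']}% of Windows hosts are on obsolete releases: "
          f"{report['obsolete_hosts']}")
    for ip, os_name, path, status in report["violations"]:
        print(f"{ip} ({os_name}) requested sensitive path {path}, status {status}")
```

Run against the constructed sample, the audit reports two of three Windows hosts (66.7%) on obsolete releases and two sensitive-path requests from them, one of which was already refused with a 403. The User-Agent check is a coarse, spoofable signal, so treat it as a way to catch devices your inventory has missed and to verify that the access controls the CESG recommends are actually being enforced, not as the control itself; a host that keeps appearing in the violations list with 200 responses is a gap in the "constrained access" policy rather than a detection success.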