Windows XP SP3 and Office 2003 End of Life

Number: IN13-003
Date: April 19, 2013


The purpose of this information note is to draw attention to the end of support for Microsoft Windows XP Service Pack 3 (SP3) and Office 2003. Effective April 8, 2014 Microsoft will no longer provide automatic fixes, security updates, or online technical assistance for these products.


As of April 8, 2014, Microsoft will no longer support Windows XP SP3 and Office 2003. Organizations running software after its end of support date may be exposed to potential security and compliance risks.

Microsoft will continue support for Windows XP Professional for Embedded systems until December 2016 through their authorized embedded distributors. This software is commonly found in ATM's, kiosks, medical devices and industrial controllers. 

Migration to an updated operating system can present unique challenges and it is critical that organizations operating Windows XP SP3 plan and test a migration solution before the deadline next April. Some considerations include:

Application Compatibility
Some applications, including device drivers, may have compatibility issues with more recent versions of Microsoft Windows operating systems. A best practice approach to reducing the risk of compatibility problems should include:

For applications that are found to be incompatible, a remediation strategy will be required. Remediation can include anything from configuration or code changes, to leveraging application virtualization technologies. The Microsoft Application Compatibility Toolkit (ACT) can assist asset owners and operators to evaluate compatibility issues with existing applications prior to deployment.

Application Compatibility Toolkit

Office Suite
Older versions of Office files will still function by installing the compatibility Pack offered by Microsoft.

Microsoft Office Compatibility Pack

Internet Explorer
Windows XP SP3 cannot upgrade Internet Explorer (IE) beyond version 8 because IE9 uses Direct2D for hardware acceleration, a feature not available in Windows XP.
Organizations that depend on previous versions of IE to access older web-enable applications may be exposing themselves to several critical vulnerabilities and risk exposure to malicious attackers.

Infrastructure and Hardware Dependencies
Organizations will need to identify all infrastructure and hardware dependencies when planning a migration. Microsoft Assessment and Planning Toolkit (MAP) will help detect and assess readiness by performing the following:

Microsoft Assessment and Planning Toolkit

Microsoft customers have a number of deployment strategies and tools at their disposal that can assist with the migration to an updated operating system and office application suite. These strategies range from manually installing the new operating systems on each client computer, to the use of Microsoft System Center Configuration Manager (SCCM) for large distributed client networks. The Microsoft Deployment Toolkit (MDT) provides Microsoft customers with tools, processes, and guidance for Windows based desktops and servers.

Microsoft Deployment Toolkit (MDT)

Suggested action

CCIRC strongly encourages Information Technology owners and operators to begin planning their migration to an updated operating system and office application suite as soon as possible. CCIRC will continue to monitor this situation and update this Information Note accordingly.


  1. Microsoft Product Lifecycle
  2. Microsoft Windows XP Professional for Embedded Systems available through December 2016
  3. Windows XP to Windows 7 Migration Guide
  4. The Countdown Begins: Support for Windows XP Ends on April 3, 2014

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589

Date modified: