“Therefore, anybody running an XP system could fall prey to someone who is trying to exercise one of those vulnerabilities,” says Eugene Spafford, executive director of The Center for Education and Research in Information Assurance and Security at Purdue University. He says XP users had more than six years to prepare for the end, but not everyone has been proactive.