We have passed the six month mark on the countdown to the end of Microsoft's support for Windows XP, which occurs on April 8, 2014. Support is also ending for Microsoft Office 2003. Once support for any of its products ends, Microsoft will no longer provide security fixes for that product.
If you are using Windows XP, please take the end of support seriously.
It may help you to know a little more about the security process. Many security problems are discovered by security researchers and other developers who notify Microsoft through private channels. To the extent possible, these problems are kept from public attention while Microsoft and its partners develop solutions, mostly system patches. Then on its regular patching schedule, Microsoft pushes out these updates through its Microsoft Update service, which for most individuals and small businesses is automatic. Through this process, Microsoft tries to stay ahead of exploitation of security vulnerabilities. While not perfect, it has served Windows users well for many years.
On April 8, this all stops for XP and Office 2003. If vulnerabilities are discovered, Microsoft will probably not push out a fix. I say probably because if something catastrophic is discovered, Microsoft may bow to consumer pressure on a case by case basis. But this is not assured. Microsoft has already made two extensions to XP support and it is my opinion that only something devastating that could tarnish Microsoft's reputation would make the company take action. Keep in mind that the April 8 date was announced over three years ago and Microsoft has been warning its customers regularly.
Bottom line: don't expect to see any security updates for XP or Office 2003. Consider this a threat to the security of any Windows XP system.
My recommendation is that you eliminate Windows XP from your computers as soon as is feasible. I am less concerned about Office 2003 except for Outlook 2003, which is more vulnerable to attack than programs like Word and Excel.
On a Web development note, I will no longer provide support for Internet Explorer 6.0 in the Web sites I build. IE6 is one year older than Windows XP and was the version of IE that came with Windows XP. Although Microsoft's security perspective on its browsers is different, IE6 has known vulnerabilities which remain unfixed. Neither you nor your customers/clients should be using it.
If I can be of any assistance regarding the end of support for these aging Microsoft products, please let me know.