The report included figures showing that in the last quarter of 2013, Windows XP computers had an infection rate of 2.42%, compared to 3.24% for Windows Vista and 2.59% for Windows 7.
Microsoft said the data had been “normalized” to account for the different numbers of computers running each version of the operating system, with Windows 8 machines showing a 1.73% infection rate and Windows 8.1 (the latest version) just 0.08%.
"In general, infection rates for more recently released operating systems and service packs tend to be lower than infection rates for earlier releases, for both client and server platforms," the company said in the report.
"In 3Q13, this pattern is clearly visible, with Windows XP displaying an infection rate significantly higher than any other supported Windows client platform, and Windows 8 RTM -- at the time the most recently released platform -- displaying the lowest".
Microsoft revealed in the report that a new threat ‘Rotbrow’ is at the root of greater insecurity of Windows Vista and Windows 7. The report revealed that the infection rate – measured in computers cleaned per thousand (CCM) – stood at 17.8 percent in Q4 of 2013 as compared to just 5.6 percent in Q3 of 2013.
The software giant blamed the insecurity of Windows 7 and Vista on a new threat from ‘Rotbrow’ malware targeting internet browsers.
Win32/Rotbrow, a program claiming to protect from browser add-ons, and Win32/Brantall which acts as an installer for legitimate applications, attacked older operating systems like 7 and Vista, and Microsoft said it was Rotbrow that was most responsible for the dramatic increase in the CCM metric in 4Q13.
Analysts are suggesting the Browser Protector software had existed since at least 2011 without exhibiting any malicious behavior, so many security software vendors had not configured their products to block or remove it.
The report also threw up some interesting data around what type of infections are occurring - Trojans are still the most commonly encountered threat, while Trojan downloaders and droppers grew to become the second most encountered category in the fourth quarter though thanks to Rotbrow and Brantall.
The encounter rate for worms fell slightly as did that for exploits.
Microsoft said if you live in Brazil, Russia or Italy you're more likely to encounter a Trojan, while ransomware (a type of malware that stops you using your computer until you pay its creators) generally happensin Europe, western Asia, and the wealthy English speaking regions of North America and Oceania.
Meanwhile it seems the XP userbase is slowly declining after it reached its 'end-of-life' across the world and won't receive any more security updates.
Summary of install bases (courtesy of security software firm Secunia)
In 2013 (Jan-Dec) XP was on 22% of US PCs.
In 2014 (Jan-Feb) XP was on 18%.
In 2014 April (week one after XP EOL) XP was on 17%
In 2014 April (week two after XP eOL) XP was on 16%
In 2014 April (week four after XP eOL) XP was on 15%
Kasper Lingaard, Head of Research with Secunia, warned against XP users becoming complacent.
“Come Tuesday, Microsoft will be patching some vulnerabilities in Windows, and it is realistic to assume that at least one of these will also affect Windows XP. That means we can expect to see exploits in the wild for vulnerabilities in XP because it is End-of-Life, private users will not receive patches from Microsoft," Lingaard said.
"Generally speaking, newly discovered vulnerabilities in XP will be unpatchable for private users, and therefore we will see a rise in attacks. XP users will in future basically be a “free-for-all” to hackers, who can create and use exploits at will.
"Additionally, future patches to the other Windows operating systems will be reverse engineered by hackers, seeking to discover which vulnerabilities were fixed by Microsoft, and subsequently – if applicable – modified to work against Windows XP.”
You can download the report, in all its 152 page glory, here.