Many exploits are applicable to more than one platform. Some subsystem that exists in Win7, Vista, and XP might be vulnerable.
So what will happen is....a patch gets pushed out for Win 7 and Vista, to combat some vulnerability.
Test that vulnerability against an XP install. Does it affect that XP install? If so, then push out a trojan/virus/malware, and XP boxes are at risk.
If it talks to anything past your local router, it may be vulnerable.
MS has extended the life of updates for MSE as applied to XP, but not actual patches to XP.
XP is 14 years old. Time to move on.
OK, so it "might" be vulnerable, but terrorists also "might" break into my house and physically steal all of my computers. I guess what I really want to know is how likely
it is to be a serious problem, but I suppose nobody can say for sure.
I don't deny that it is time to move on from XP. I mean, if we never moved on, we'd all still be using DOS 1.0. That doesn't change the fact that it is very painful to do so or that the risks of continuing to use XP must be carefully weighed against the enormous problems presented by abandoning 10+ years of software and hardware set up on my XP machines.