Cyber criminals will bank their Windows XP zero-day vulnerabilities until after Microsoft stops patching the aged operating system next April, a security expert argued.

Jason Fossen, a trainer for SANS since 1998 and an expert on Microsoft security, said it’s simply economics at work. “The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft’s response,” said Fossen.

When a new vulnerability — dubbed a “zero-day” — is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users. If the bug is critical and being widely used by hackers, Microsoft will go “out-of-cycle,” meaning it will issue a security update outside its usual monthly Patch Tuesday schedule.

But after April 8, 2014, Microsoft has said it will retire Windows XP and stop serving security updates.
