Last month I wrote that, despite all warnings about the imminent death of Windows XP, until May 13th Windows XP could still be used in a relatively secure way. In fact, the recent off-schedule security patch by Microsoft proved my point. But I also said that from that day on XP is doomed. If you still use an XP system, chances are that the system will be a victim of an attack.
On May 13th, Microsoft publishes some security patches that will not be published publicly for Windows XP systems. Only a few organization, who pay dearly for extended extended support, will enjoy the benefit of keeping their XP systems alive. But for the rest of us, XP will be at risk.
What happens every month: if Microsoft publishes a security patch, criminal minds reverse engineer a vulnerability based on the changes in the patch. They try to figure out ways to penetrate systems that are not (yet) patched. And in many cases within a few days the first exploits are around. Since all Windows generations from NT onwards are very alike, chances are that a vulnerability in a recent Windows version exists in Windows XP too. And if a system is not patched, such an exploit will be a zero-day exploit for ever.
Can you protect XP systems that are not enjoying extended extended support? No, not unless you never connect it to the outside world directly or indirectly. Even anti-malware software may not guard an XP system against exploits.
What should you do? Migrate, migrate, migrate, to whatever more recent operating system that you can think of. If you're in a company: get your management fired asap. They are the next vulnerability that will not be patched.