Perhaps the scariest part of the recent remote execution vulnerability in Internet Explorer is this thought from Brian Krebs:
This is the first of many zero-day attacks and vulnerabilities that will never be fixed for Windows XP users. Microsoft last month shipped its final set of updates for XP. Unfortunately, many of the exploit mitigation techniques that EMET brings do not work in XP.
According to StatCounter Windows XP still accounts for 10% of systems browsing the web in the United States. That includes mobile users too.
When you look at the world wide use that 10% jumps to 16%.
I expect there are people who are still actively looking for holes in Windows XP. It is only a matter of time before they find them.