Re: THE END IS NIGH! REPENT! REPENT!
Theoretically, yes. There was a very fast network scanner that can map most of the internet in under an hour:
http://www.theregister.co.uk/2013/08/19/new_tool_lets_single_server_map_entire_internet_in_45_mins/
If you can attach that to an exploit delivery system (IE make a DB of IPs, cross reference that with zerodays for unsupported XP, only attack those that are visible) then you could theoretically do some major damage if you had a chunky enough delivery system.
Practically though? I dunno. I don't know enough about realworld exploit deployment to be terribly certain (any pen testers care to wade in?) but I'd go as far as to say that if you have the opportunity to move away from XP, I'd do it.
That's my understanding of it - and I'll hold my hands up and say I'm not a security researcher or a pen tester - but I've moved away from MS almost entirely to Linux now (not possible for all, I know) so it's of less relevance to me than it was.
Steven R