Take a look at this post, it might help:
viewtopic.php?p=81350#p81350

Any web server, whether on Windows or a *nix OS, is open and vulnerable to those who may wish to exploit it, even with some of the best procedures to harden a server (link) - some are more vulnerable than others, and a good server firewall, as mentioned in the above post, may go a long way to helping secure XAMPP a little bit more.
Google is your best friend on this server security subject as they will have the latest exploits and solutions perhaps.
I am sure that script kiddies do their homework on how to exploit a web server and so you must always be vigilant if administering a web server - part of the head pain involved in being a server admin, unfortunately.
You may also want to research log file utilities and a log watcher that will warn when certain activity is spotted in the server's log files.
Make sure that safe mode is ON in the php.ini file if exposed to the Internet - can be switched OFF if only developing.
Safe mode is a must!
My friend just gave me a simple demonstration of the great time a user can have running with safe_mode disabled.
Investigate the use of a web server anti-virus script if users will be uploading files; also investigate a rootkit script.
Most of the processes to harden a server are *nix based but quite a few are also relevant to Windows Apache servers.
Stay lucky.
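
The kind of log watcher the post mentions, as an added example that is not part of the original post: it scans Apache access-log lines and warns on a few suspicious request patterns. The rule set, the 404 threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined access-log line: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Illustrative rules only (assumptions, not a complete signature set).
RULES = {
    "path-traversal": re.compile(r'\.\./|%2e%2e(/|%2f)', re.I),
    "admin-probe": re.compile(r'^/(phpmyadmin|xampp)\b', re.I),
}
LOCAL = {"127.0.0.1", "::1"}   # the admin's own machine may use admin pages
NOT_FOUND_LIMIT = 3            # assumed threshold of 404s per client


def scan(lines):
    """Return (client, reason, detail) alerts for an iterable of log lines."""
    alerts, not_found = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        host, path = m["host"], m["path"]
        for name, rule in RULES.items():
            if name == "admin-probe" and host in LOCAL:
                continue
            if rule.search(path):
                alerts.append((host, name, path))
        if m["status"] == "404":
            not_found[host] += 1
            if not_found[host] == NOT_FOUND_LIMIT:  # warn once per client
                alerts.append((host, "404-burst", f"{NOT_FOUND_LIMIT} x 404"))
    return alerts


# Constructed sample lines using documentation-range addresses.
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2011:13:55:36 +0100] "GET /index.php HTTP/1.1" 200 2326',
    '203.0.113.9 - - [10/Oct/2011:13:56:01 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 209',
    '203.0.113.9 - - [10/Oct/2011:13:56:02 +0100] "GET /images/../../conf/httpd.conf HTTP/1.1" 404 209',
    '203.0.113.9 - - [10/Oct/2011:13:56:03 +0100] "GET /admin.php HTTP/1.1" 404 209',
    '127.0.0.1 - - [10/Oct/2011:13:57:10 +0100] "GET /xampp/ HTTP/1.1" 200 1204',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print("WARN", *alert)
```

To watch a live server, pass `scan()` the lines of Apache's access log instead of `SAMPLE` and send the returned alerts to mail or a pager.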