Microsoft issues five month countdown for Windows XP support
CSO - Microsoft introduced Windows XP in 2001, and it became an instant success. It combined the well-received consumer user interface from Windows 98 with the stability of Windows NT, was out-of-the-box Internet capable with an excellent browser -- Internet Explorer (IE) -- and quickly took over the market.
In terms of security, XP was immediately the target of attacks. In 2004, Microsoft hit a milestone in this area, when it unveiled Windows XP SP2, which featured a built-in, always-on firewall that effectively ended the era of the large-scale Internet worms, such as Blaster, Sasser, and Slammer. As a result, Windows XP became a huge hit with over 600 million installations worldwide.
But in April of next year, 2014, Microsoft will execute on its long-published maintenance plan and stop commercial support for Windows XP. Starting in May, Windows XP will stop receiving security updates, even for highly critical security flaws such as September's and November's IE zero-days that targeted Windows 7 and, you guessed it, Windows XP. By mid-2014, new and (by then) unfixable security flaws for XP will be well-known and freely traded in the cybercriminal underground.
To illustrate this certainty, let's take a look at this year's IE security bulletins. There have been fourteen updates so far, one each month through November, plus additional updates in February, May and November to cover zero-days, addressing a total of 117 vulnerabilities. Windows XP was affected by 75 of the vulnerabilities, including 68 rated critical, which accounts for 64 percent of total vulnerabilities and 90 percent of critical vulnerabilities this year alone.
This pattern will not simply stop in April 2014. We can be certain that vulnerabilities will continue to affect Windows XP, and given that it is unlikely that Windows XP will be replaced 100 percent by April 2014, we will see reverse engineering of vulnerabilities for XP and the development of exploits as well.
Networks that include Windows XP computers used for normal office activities, such as e-mail, web browsing, word processing, etc., will become undefendable and will invite attackers inside. There are certainly steps one can take to lower the risks, such as switching to supported browser, e-mail, and office programs, and hardening Windows XP (by using Enhanced Mitigation Experience Tool, for example), but these are band-aids that can only prolong XP's useful life by a few months.
The only way to address the situation and to ensure your network and assets are secure is to migrate to a supported operating system. In the Windows line, your options are Windows 8, with its radical user interface change and currently under 10 percent market share, or Windows 7, which has seen growing enterprise adoption, has a market share of over 50 percent, and has the additional benefit of being familiar to users who might have it installed at home.
In a pinch, you may still have Windows Vista licenses around from when that operating system was first delivered and you preferred to install XP instead. There are other alternatives; you could follow the lead of the French Gendarmerie which migrated 40,000 desktop computers to an open source platform based on the Firefox browser, Thunderbird e-mail client, OpenOffice word processing and spreadsheet, all running on the Ubuntu variant of the Linux operating system.
If you are still running Windows XP, you are not alone. Figures for the current installed base vary widely, though, ranging from the low teens to almost 50 percent, according to some sources. Our data indicates that more than 20 percent of all enterprise users are still using Windows XP machines, so it is probable that you can reach out to your peers and see what strategies they are planning to take. One thing is clear: the risk is real and there is little time left, so you need to act now.
Wolfgang Kandek is the CTO for Qualys.