Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs
Tax collector says it will pay Microsoft 'less than $500,000' for after-retirement XP patches
Computerworld - The U.S. Internal Revenue Service (IRS) acknowledged last week that it missed the April 8 cut-off for Windows XP support and will be paying Microsoft for an extra year of security patches.
But the tax agency disputed an earlier estimate by Computerworld that put the cost of those patches in the millions, saying that it was paying Microsoft "less than $500,000" for the after-retirement support.
Microsoft terminated Windows XP support on Tuesday when it shipped the final public patches for the nearly-13-year-old operating system. Without patches for vulnerabilities discovered in the future, XP systems will be at risk from cyber criminals who hijack the machines and plant malware on them.
During an IRS budget hearing on April 7 before the House Financial Services and General Government subcommittee, the chairman, Rep. Ander Crenshaw (R-Fla.) wondered why the agency had not wrapped up its Windows XP-to-Windows 7 move.
"Now we find out that you've been struggling to come up with $30 million to finish migrating to Windows 7, even though Microsoft announced in 2008 that it would stop supporting Windows XP past 2014," Crenshaw said at the hearing. "I know you probably wish you'd already done that."
According to the IRS, it has approximately 110,000 Windows-powered desktops and notebooks. Of those, 52,000, or about 47%, have been upgraded to Windows 7. The remainder continue to run the now retired XP.
John Koskinen, the commissioner of the IRS, defended the unfinished migration at the hearing, saying that his agency had $300 million worth of IT improvements on hold because of budget issues. One of those was the XP-to-7 migration.
"You're exactly right," Koskinen said of Crenshaw's point that everyone had fair warning of XP's retirement. "It's been some time where people knew Windows XP was going to disappear."
But he stressed that the migration had to continue. "Windows XP will no longer be serviced, so we are very concerned if we don't complete that work we're going to have an unstable environment in terms of security," Koskinen said.
Koskinen concurred with Crenshaw's $30 million figure as the cost for upgrading the IRS's remaining Windows XP systems. The money will be taken from the agency's enforcement budget.
Part of that $30 million will be payment to Microsoft for what the Redmond, Wash., developer calls "Custom Support," a program that provides patches for critical vulnerabilities in a retired operating system.
Earlier this year, analysts said Microsoft had dramatically raised prices for Custom Support, which previously had been capped at $200,000 per customer for the first year. Instead, Microsoft negotiates each contract separately, asking for an average of $200 per PC for the first year of Custom Support, those analysts said.
Using that average -- and the number of PCs the IRS admitted were still running XP -- Computerworld estimated that the IRS would pay Microsoft $11.6 million for one year of Custom Support.
Late Friday, however, the IRS disputed that estimate. An agency source said that the IRS was paying Microsoft less than $500,000 for Custom Support on its remaining 58,000 Windows XP PCs, or about $9 each. According to the source, the exact figure will be disclosed at a later date.
The $30 million total will cover not only the Custom Support, but also new PCs when necessary and labor costs to complete the migration.
The IRS isn't the only government agency that has acknowledged paying for post-retirement XP support. The U.K. government, for example, has paid Microsoft more than £5.5 million (approximately $9.2 million) for Windows XP, Office 2003 and Exchange 2003 patches for the next 12 months that will be applied to a much larger number of PCs nationwide.
In a follow-up statement Friday, the IRS said that its XP problem does not extend to the systems that handle tax filings by individuals and companies.
"None of our filing season systems or other major business operating systems for taxpayers use Windows XP," an IRS spokesperson said Friday. "The IRS emphasizes the situation involving Windows will have no impact on taxpayers, including people filing their tax returns in advance of the April 15 deadline."
In other words, the IRS will not let taxpayers use the XP situation as an excuse not to meet Tuesday's filing deadline.
"The IRS ... is working to complete the updates [to Windows 7] by the end of calendar year 2014," the spokesperson added.
The agency, like most businesses and organizations, will face the same situation in less than six years: Microsoft plans to pull the patch plug on Windows 7 in mid-January 2020.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Windows XP lives
- XPocalypse, not now
- Windows XP hack resurrects patches for retired OS
- Bug bounty program outs 7-month-old IE zero-day
- CA Technologies releases free XP migration tool
- Windows XP's U.S. farewell tour to last most of '14
- Microsoft sticks to vow, leaves XP exposed to ongoing attacks
- Microsoft's Patch Tuesday gives XP attackers a roadmap
- Microsoft: We're serious this time; XP's dead to us
- Windows XP die-hards can slash attack risk by dumping IE
- Hackers now crave patches, and Microsoft's giving them just what they want
Read more about Windows in Computerworld's Windows Topic Center.
- Making it work: Using Cisco and Microsoft Lync to Drive Collaboration Microsoft Lync is posting impressive adoption rates. As a Cisco Premier Partner and a company that has deployed Microsoft Lync to its own...
- Protecting Data in a Virtual World AppAssure helps organizations transform backup and recovery operations for virtual and hybrid environments.
- The Truth About Virtual Computing for CAD If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Windows White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!