On April 8, 2014, Microsoft stopped technical support for Windows XP; XP customers will no longer receive security or technical updates, hotfixes, or free or paid assistance. Microsoft statistics show that around 25% of PCs in Asia Pacific still run XP. Asia Pacific enterprises haven’t migrated away from XP because:
- Technology management departments didn’t communicate the need well enough and thus have not received the necessary funding to migrate to Windows 7 or 8.
- Many firms rely on legacy applications that run on XP and are often incompatible with the latest versions of Windows. For example, an Australia-based oil and gas exploration firm faced application compatibility issues when migrating from XP to Windows 7.
- Some enterprises underestimated the work required to migrate to a new OS and are still halfway through their project.
From now on, Microsoft will no longer issue updates to address new security vulnerabilities discovered in XP, leaving enterprises vulnerable to cyberattacks. Hackers are certain to have been holding back a few vulnerabilities waiting for just this moment!
Organizations that do not plan to upgrade to Windows 7 or 8 must consider XP-based systems as vulnerable and open to exploits. Hacker groups and organized crime syndicates can reverse-engineer Patch Tuesday releases for Microsoft fixes in Windows 7 and 8 to identify specific vulnerabilities in XP and craft code to exploit it. Once these endpoints have been compromised, they can be used as a springboard into the broader IT infrastructure for data theft or industrial espionage.
Enterprises that still use XP should take immediate steps to reduce their risk:
- Define a separate zone. Move all XP systems to a separate network zone and restrict all connections to and communications with other systems in the network. Continuously monitor incoming and outgoing traffic to rapidly detect anomalies.
- Revoke admin privileges. Remove administrative rights from all users on XP systems; there’s no way to audit what a user with admin rights has done, leaving the desktop — and entire IT infrastructure — open to abuse. If you need admin privileges, consider a privilege management product that will help prevent new or unwanted programs from executing.
- Consider an additional line of defense. Configure a network- or host-based intrusion prevention system with the latest rules and signatures to detect and prevent attacks on XP systems.
- Use virtual machines. Disable every nonessential function in XP and make it accessible through Citrix or another VM scenario.
- Define a quarantine process. In case of cyberattack, isolate these systems from the network until you’ve identified corrective and preventive actions.
- Consider purchasing custom support. Microsoft continues to provide XP security support and patches for customers in the Microsoft Premium Services Program. Custom support can save money in the short term ($25 per XP system, compared with $200 to $300 per XP system to upgrade to Windows 7), but your firm will have to upgrade at some point — so why not now, before you accumulate additional risk and expense? The Dutch government is one organization that has struck a deal with Microsoft to secure continued support for its XP devices.
If you continue to use Windows XP, your computer will still work — but it might become more vulnerable to viruses and other security risks. We strongly recommend upgrading to a more modern and supported OS as soon as possible to avoid being targeted. The inconvenience of the upgrade is negligible compared with the negative impact a breach could have on your company and brand — and maybe your own job.