  1. #1



    The risk of running Windows XP after support ends April 2014

    Only 227 days to go! Click the link to read the full article.

    Source: Microsoft Security Blog

    Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014. Since then, many of the customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.

    There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft. Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8. I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.

    What is the risk of continuing to run Windows XP after its end of support date? One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.

    When Microsoft releases a security update, security researchers and criminals will oftentimes reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability. To ensure that our customers are not at a disadvantage to attackers who employ such practices, one long-standing principle that the Microsoft Security Response Center (MSRC) uses when managing security update releases is to release security updates for all affected products simultaneously. This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.

    But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever. How often could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.


    Figure 1: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the Microsoft Security Intelligence Report volume 14



    Figure 4: The table below compares the mitigation features supported by Internet Explorer 8 on Windows XP Service Pack 3 with the features supported by Internet Explorer 10 on Windows 8. As this table shows, Internet Explorer 10 on Windows 8 benefits from an extensive number of platform security improvements that simply are not available to Internet Explorer 8 on Windows XP.

  2. #2
    free780's Avatar
    Die XP die. Seriously though, will it ever die?

  3. #3
    newpersn's Avatar
    Quote Originally Posted by free780 View Post
    Die XP die. Seriously though, will it ever die?
    We will still run it.

    Library issue computers (dell 170l)
    And papercut release station. Not changing that as it works.

  4. #4

    X-13's Avatar
    I read about this on el reg... though they sort of made it sound like Microsoft were going to deliberately release exploits to hackers.

    They [Microsoft] don't seem to realise that when we [us techy types] still use XP, there's a reason for it. Either it's to do with software compatibility or we simply don't have the budget to upgrade.

  5. #5
    free780's Avatar
    Esp. in education there is some very rubbish software that doesn't follow good design. E.g. clash with UAC.

  6. #6

    Dos_Box's Avatar
    Moving to IT News forum.

  7. #7

    localzuk's Avatar
    We're in the middle of our migration at the moment, and have hit those issues - compatibility, budget, things that 'work'.

    My answer to all has been "tough".

    We have a legal responsibility to ensure the security and integrity of our data. Having gaping holes in our network is just not going to happen.

    So, those bits of incompatible software? We'll have to do without until they can be replaced. Those machines that are just too darn old to run Windows 7? Retired. Not enough money to replace right away? We'll have to wait until we can.

    With the amount of sensitive data that schools store and handle, it is simply irresponsible to leave such holes in place.

  8. #8


    XP still has 30%+ market share. It seems a bit odd that MS will 'infect' or lead to these products to be infected by withdrawing support. I can't see that it will do Microsoft's credibility any good if there is another mass Windows virus/exploit and their only solution is 'give us more money or buy another PC'. Cue for a car analogy.

    There is still a lot of software that runs XP only and not so well in W7. It's still possible to keep using it without sacrificing any 'legal responsibility for needing to buy PCs' - however that works. Most will run well in WINE and there are plenty of products (deepfreeze), VDI etc that will allow XP machines to return to base image when rebooted. I can also confirm that XP runs MUCH faster than W7 or W8 in a virtual environment.

  9. #9

    localzuk's Avatar
    Quote Originally Posted by CyberNerd View Post
    XP still has 30%+ market share. It seems a bit odd that MS will 'infect' or lead to these products to be infected by withdrawing support. I can't see that it will do Microsoft's credibility any good if there is another mass Windows virus/exploit and their only solution is 'give us more money or buy another PC'. Cue for a car analogy.

    There is still a lot of software that runs XP only and not so well in W7. It's still possible to keep using it without sacrificing any 'legal responsibility for needing to buy PCs' - however that works. Most will run well in WINE and there are plenty of products (deepfreeze), VDI etc that will allow XP machines to return to base image when rebooted. I can also confirm that XP runs MUCH faster than W7 or W8 in a virtual environment.
    Think of it this way. XP still predominantly exists in business environments, and criminals will know this. If you have an XP machine attached to your network, and therefore your domain, you risk allowing that PC to be a security hole. A weak point where, sure, security isn't non-existent, but it is weaker as zero day exploits will exist on it. That machine will be a target for attackers and will be a great place to start an attack on other internal machines by doing things like password grabbing and data collecting.

    The fact that XP still has 30% marketshare is neither here nor there. Microsoft had a large share of Windows 2000 users after it ended support for it too.

    Microsoft's credibility isn't at stake here, your data is.

    You don't have a legal responsibility to buy PCs but you do have one to protect your data properly.

  10. #10


    Quote Originally Posted by CyberNerd View Post
    It seems a bit odd that MS will 'infect' or lead to these products to be infected by withdrawing support.
    What that article is saying is that hackers will reverse engineer hotfixes designed for Windows 7 (or newer) and see if the same vulnerabilities exist on Windows XP. It goes without saying that this is not a new development or limited to just Microsoft OSs.

    Microsoft warns it'll hand out zero days for Windows XP « The Register

    "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities," said Tim Rains, Microsoft's director of trustworthy computing, in a blog post.

    "If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a 'zero day' vulnerability forever."
    I wouldn't take any notice of The Register's sensationalist headlines. They often bear little resemblance to the article.

    Quote Originally Posted by CyberNerd View Post
    I can't see that it will do Microsoft's credibility any good if there is another mass Windows virus/exploit and their only solution is 'give us more money or buy another PC'.
    You can't expect any business to support software indefinitely. For example, do you seriously expect Google to support Android 1.5 forever - it is 'only' 4 years and 3 months old!

    Quote Originally Posted by CyberNerd View Post
    I can also confirm that XP runs MUCH faster than W7 or W8 in a virtual environment.
    So does Windows 3.1!
    Last edited by Arthur; 17th August 2013 at 12:09 PM.

  11. #11

    FN-GM's Avatar
    Quote Originally Posted by newpersn View Post
    And papercut release station. Not changing that as it works.
    For someone in IT it's not the best attitude. Surely it's all about progression.

    Quote Originally Posted by X-13 View Post
    They [Microsoft] don't seem to realise that when we [us techy types] still use XP, there's a reason for it. Either it's to do with software compatibility or we simply don't have the budget to upgrade.
    To be honest you have had a long time to overcome this...

  12. #12

    X-13's Avatar
    Quote Originally Posted by FN-GM View Post
    To be honest you have had a long time to overcome this...
    Not really. Curriculum is all Win7. Admin on the other hand is LEA controlled. And they haven't done anything.

    There's been a lot of talking, but no actual doing.

  13. #13

    localzuk's Avatar
    Quote Originally Posted by X-13 View Post
    Not really. Curriculum is all Win7. Admin on the other hand is LEA controlled. And they haven't done anything.

    There's been a lot of talking, but no actual doing.
    Are you a Sims school? You're gonna have issues soon if you're still on XP and are a Sims school...

  14. #14

    X-13's Avatar
    Quote Originally Posted by localzuk View Post
    Are you a Sims school? You're gonna have issues soon if you're still on XP and are a Sims school...
    We're not a SIMs school... we're an RM school.

    But there was talk of SIMs during BETT.

  15. #15
    newpersn's Avatar
    Quote Originally Posted by FN-GM View Post
    For someone in IT it's not the best attitude. Surely it's all about progression.
    It's sat on an old P4 box from the stone ages. It boots up in less than 30 secs and is connected directly to the print server.

    When the library moves to the new building in September 2014 I will think about getting on to Windows 7.

    It's just finding the time to play with all the settings to get it just right.
