Windows XP end-of-life: Danger or hype?

Jenny Carpenter

If you work in IT, you are probably aware that official support for Microsoft Windows XP ends on April 8, 2014. After this date, Microsoft will stop sending out security patches for the aging operating system. Support for Office 2003 and Exchange 2003 ends on the same day.

There are plenty of scare stories around about what will happen in the aftermath of this support withdrawal. Undoubtedly, some people won’t manage to migrate their systems in time.

Are the dangers significant or are the risks over-hyped?

Genuine Dangers

We will get straight to the point: we think the danger is real.

Once security patches stop being released, hackers have an easy way to find exploitable flaws in Windows XP. Each time a patch arrives for Windows 7 or 8, they can reverse-engineer it and check whether the same vulnerability also applies to Windows XP. If it does, they hit the jackpot.

Microsoft won’t release an XP patch, so the vulnerability sits there ripe for exploitation on all the systems that continue to run XP after the deadline.

The problem gets worse when you consider Outlook and Exchange as well. Many companies use Outlook together with third-party plugins, often as a way to interface with a CRM system. These systems will also become very vulnerable if they’re not quickly moved onto supported platforms.

Compliance

Compliance is also a serious matter. The UK’s Data Protection Act specifies that systems must use “up to date” software to protect personal information. The Payment Card Industry Standards (PCI) compliance guidelines state that institutions must use a “manufacturer supported operating system”.

Companies that fail to upgrade could find themselves in serious legal hot water if a breach occurs while they are still using an operating system that is no longer supported. Companies providing indemnity and liability insurance may refuse to pay out if their clients are in breach of legislation.

The danger surrounding XP’s end of life is NOT just hype. Falling foul of compliance legislation can result in financial ruin and reputational damage for companies of all sizes.

Now is the time to give some serious thought to anywhere that XP, Office 2003 and Exchange 2003 may continue to lurk. Here are some places to start:

  • Home users who may still have a long-forgotten XP laptop.
  • Control machines running things like access control and CCTV systems.
  • Old servers that remain on the network to provide access to historical information.
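
One way to run that search over an existing software inventory export, as an added example that is not part of the original article. The CSV layout, host names and sample rows are constructed; the version prefixes are the products' own (5.1 for Windows XP, 11 for Office 2003, 6.5 for Exchange 2003), which catches entries whose product name was recorded without "XP" or "2003".

```python
import csv
import io

# (keyword in product name, marketing-name marker, version prefix, label)
RULES = [
    ("windows", "xp", "5.1.", "Windows XP"),
    ("office", "2003", "11.", "Office 2003"),
    ("exchange", "2003", "6.5.", "Exchange 2003"),
]

# Constructed sample: one row per installed product per host.
SAMPLE_INVENTORY = """host,role,product,version
fin-ws-014,workstation,Microsoft Windows 7 Professional,6.1.7601
fin-ws-014,workstation,Microsoft Office Professional Edition 2003,11.0.8173
cctv-ctl-01,cctv controller,Windows,5.1.2600
archive-srv-02,legacy mail server,Microsoft Exchange Server 2003,6.5.7638
hr-lt-007,laptop,Microsoft Windows XP Professional,5.1.2600
hr-lt-007,laptop,Microsoft Office 2010,14.0.7015
web-srv-01,server,Windows Server 2012,6.2.9200
"""


def classify(product, version):
    """Return the end-of-support product a row matches, or None."""
    name = product.lower()
    words = name.split()
    for keyword, marker, prefix, label in RULES:
        # Match on the product family, then on either the name or the version.
        if keyword in name and (marker in words or version.startswith(prefix)):
            return label
    return None


def find_unsupported(csv_text):
    """Map each host to the end-of-support products found on it."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row["product"].strip(), row["version"].strip())
        if label:
            findings.setdefault(row["host"].strip(), []).append(label)
    return findings


if __name__ == "__main__":
    for host, products in sorted(find_unsupported(SAMPLE_INVENTORY).items()):
        print(f"{host}: {', '.join(products)}")
```

Hosts that never report to the inventory system, such as the forgotten laptop or the standalone control machine, will not appear in any export and still need a physical check.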

It only takes one unpatched machine to provide hackers with a way into a network. Now’s the time for a final look around, and a final wave goodbye to Windows XP. If you haven’t started, well…