Last week on Microsoft’s Security Blog, Tim Rains reminded Microsoft XP users that in less than one year, Microsoft is ending support for Windows XP. Rains walked through some of the important security implications for customers, and what the changes mean for users. As Microsoft products typically cycle through three phases (active product, extended support, and retirement), Windows XP will officially be retired next year, and security support will cease for users.
Windows XP was released twelve years ago and Rains identified that Internet usage has grown exponentially during that time period. When Windows XP was first released, Internet usage was about 361 million users, and today boosts over 2.4 billion users. Today, we are connected like never before, and we use the Internet in ways we could barely even imagine twelve years ago. Likewise, with the advancement of mobile devices and tablets, Windows XP cannot support the growing needs of consumers to access documents and information anywhere and any location.
Although the Internet has redefined the way society engages with government, socializes with friends and transformed how organizations do business, the Internet has also become a camping ground for criminal and malicious activity. GovLoop’s recent cyber security infographic shows some of the trends in reported cyber attacks since 2002 by federal agencies, clearly, cyber attacks are a growing concerning. With Microsoft ending support for XP, it is imperative that agencies take the proper steps to limit vulnerabilities, protect systems and upgrade properly secured systems. Rains continues to say what will happen:
“Per our long established product support lifecycle, after April 8, 2014, Windows XP SP3 users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its end of life will not be addressed by new security updates by Microsoft. Moving forward, this will likely make it easier for attackers to successfully compromise Windows XP-based systems using exploits for unpatched vulnerabilities. In this scenario, antimalware software and other security mitigations are severely disadvantaged and over time and will become increasingly unable to protect the Windows XP platform.”
Rains continues to describe that over time, Windows XP will become extremely vulnerable to attacks, and computers will have a much higher rate of malware infection if they do not upgrade to a new operating system. Rains also is clear to mention that security software has been upgrade substantially in the past 12 years, and with many new features, modern operating systems, which are properly updating with security patches, can help mitigate risks and attacks for organizations. Rains mentions features such as real-time malware protection, bit locker data encryption, user account controls, UEFI secure boot and trusted boot.
Is your agency is still running Windows XP? I’d be curious to learn what steps you are taking to upgrade your system in order to remain secure.
HP’s mission is to invent technologies and services that drive business value, create social benefit and improve the lives of customers — with a focus on affecting the greatest number of people possible. Check out their HP for Gov group on GovLoop.