Released in 2001, Windows XP was perhaps Microsoft’s most popular operating system, gaining its second wind after the release of Vista was greeted less than rapturously in early 2007. Windows XP is still used on around 30% of all computers, and is second in popularity only to Windows 7.
Security updates and technical support for Windows XP (with a couple of exceptions) ended April 8, 2014.
XP was (and still is) used heavily in government-run facilities, including schools. In fact, a survey found that a staggering 96% of schools were affected by the end of support services for Windows XP. Currently there are an estimated 430 million PCs in the world still running Windows XP in some form. Projections put the final exit of Windows XP at around two years from now. That’s two years in which businesses and individuals will rely on an increasingly insecure operating system.
“You still use Windows XP and regularly access the Internet. I find that very … interesting …”
The Risk to XP Users
Microsoft itself wants people to upgrade, and not just because they’ll mostly be upgrading to other Microsoft products. Microsoft told The Guardian, “PCs running Windows XP after 8 April, 2014 should not be considered to be protected, and it is important that consumers migrate to a current supported operating system such as Windows 8.1 so they can receive regular security updates to protect their computer from malicious attacks.”
Extended Support for XP
Windows XP Embedded systems still have support, and there are reports that Microsoft is extending support for Windows XP in China, where over half of all desktops run it. Additionally, some governments and deep-pocketed enterprises have handed over millions of dollars for extended Windows XP support. But these threads of extended support don’t do much to mitigate risk. Huge numbers of Windows XP machines in China are believed to be using fake licenses, and there may be no way of legally upgrading them, or convincing their owners they should. The vulnerability of Windows XP machines will continue to increase, despite these instances of extended support.
“I’ll take ‘Things Standing Between Me and Extended Windows XP Support’ for a thousand, Alex.”
Why Extended Support for XP Ultimately Won’t Help
If you’re a hacker, knowing there are millions of machines out there without support, you’re going to target those machines. As attackers learn to exploit aspects of the Windows XP operating system, they can do so knowing those vulnerabilities will no longer be addressed by Microsoft.
That means browsers, mail programs, business applications, and third-party programs on XP machines will become increasingly vulnerable. Though Microsoft releases patches and updates to fix flaws in supported Windows versions, they will not be testing XP to see if those same flaws exist there, and they will not be making patches for them.
Security Risks of Continued Use of Windows XP
As hackers learn to reverse-engineer updates and patches Microsoft develops for supported operating systems, they’ll quickly try to determine if those same problems exist in Windows XP. Knowing that Microsoft won’t be addressing those problems makes it easy for hackers to take advantage of the situation. Compromised XP systems can end up sending spam, joining botnets, and distributing malware. In other words, people who continue to use Windows XP on the public Internet put others at risk without meaning to.
Microsoft’s Fix of IE Zero-Day Vulnerability
Microsoft recently chose to issue a patch for the Internet Explorer zero-day vulnerability, because it’s a serious problem affecting all versions of IE back to Windows XP. This flaw could allow attackers to execute code remotely on a user’s machine if that user views an infected web page using IE. Microsoft really had no choice but to fix this problem across all IE versions and operating systems, because it’s such a huge risk. However, the fix could undermine efforts to get Windows XP holdouts to upgrade, because it sets a precedent that if a problem is really big, Microsoft will fix it.
Risks to Individuals and Enterprise
Home users of Windows XP could inadvertently open a backdoor onto their computers, allowing attackers to gather critical personal data, such as banking information, for nefarious uses. Enterprises may hold off on upgrading because of cost, or because of perceived risk of data loss during migration to a newer operating system. Many individuals and businesses may mistakenly believe that because the zero-day flaw has been patched, they’re safe, but that’s not even remotely true. With so many processes shifting to the cloud, it’s entirely possible new vulnerabilities will be discovered, and unsupported operating systems like XP will be especially susceptible.
If your organization uses comprehensive IT service management software like Samanage, it has a better handle on IT assets and can implement a more controlled and organized upgrade from Windows XP if your organization still hasn’t done so. Moreover, IT asset management capabilities in Samanage can help you keep a more watchful eye on your network, so you can recognize inconsistencies or risks earlier, before they can cause big, expensive problems.