Windows XP deadline and security concerns

The end of support for Windows XP OS is at hand, the consequences could be serious for specific industries and in counties where the OS is dominant.

Timing is running out for Windows XP because the end of support is very close, tomorrow, April 8th 2014, the support for the popular OS will end. After 12 years, support for Windows XP will end and as announced by Microsoft there will be no more security updates or technical support for systems that run it. 

“Security updates patch vulnerabilities that may be exploited by malware and help keep users and their data safer. PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system – such as Windows 8.1 – so you can receive regular security updates to protect their computer from malicious attacks.” states Microsoft official announcement.

The repercussions under security perspective are serious, also considering that over 70% Microsoft’s security bulletins in 2013 were related to flaw in to Windows XP based systems and the situation can only get worse in the near future. Enterprises and organizations are spending a large amount of resources and money on updating their systems, the overall percentage of Windows XP machines drop from 35% in January 2013 to 14% in February 2014. Windows XP customers could choose to pay for extended support, an expensive option that is at least US$ 100,000/year, or migrate a newer OSs like Windows 7 and Windows 8. The principal security concerns are related to industrial control systems and medical devices that are characterized by a long life cycle, typically greater than 10 years. In these industries Windows XP systems are vital components and their replacement is not so simple. I have found an interesting statistic on the diffusion of Windows XP in North Korea, one of the country considered more advanced in cyber security. Currently in the North Korea Windows XP still has a 49.94 percent market share, according data provided by StatCounter it is the primary OS in the country followed by Windows 7 with 32.58 percent.

It is clear that it will be impossible for the North Korean systems to be updated in the next months and the repercussions will be dramatic, let consider that North Korea is considerable as a dangerous cyber adversary for Western states and for the South Korea, for sure the number of state-sponsored attacks against Windows XP systems in the country will increase. On the other end, Microsoft has recently signed a deal with the UK government to extend support for the Windows XP used by its offices, same agreement is signed with other governments.  Security experts have no doubts, Windows XP will be increase targeted in the next weeks and also the offer in the underground is ready to satisfy the demand for new exploits against flaws that will be no more patched.

Pierluigi Paganini

(Security Affairs –  Windows XP, security)