Story image

Windows XP end-of-life: Danger or hype?

20 Mar 2014

You are probably aware that official support for Microsoft Windows XP ends on April 8, 2014.

After this date, Microsoft will stop sending out security patches for the aging operating system. Support for Office 2003 and Exchange 2003 ends on the same day.

There are plenty of scare stories around about what will happen in the aftermath of this support withdrawal. Undoubtedly, some people won’t manage to migrate their systems in time.

Are the dangers significant or are the risks over-hyped?

Genuine Dangers...

Let me get straight to the point: we at GFI Software think the danger is real.

Hackers have a really easy way of finding ways to exploit Windows XP once support patches stop being released. Each time a patch arrives for Windows 7 or 8, they can take the time to reverse-engineer it and see if the vulnerability also applies to Windows XP. If it does, they hit the jackpot.

Microsoft won’t release an XP patch, so the vulnerability sits there ripe for exploitation on all the systems that continue to run XP after the deadline.

The problem gets worse when you consider Outlook and Exchange as well. Many companies use Outlook together with third-party plugins, often as a way to interface with a CRM system. These systems will also become very vulnerable if they’re not quickly moved onto supported platforms.


Compliance is also a serious matter. The new Australian Privacy Act requires that organisations take reasonable steps to protect personally identifiable information from misuse, interference, loss, unauthorised access, modification and disclosure.

The Payment Card Industry Standards (PCI) compliance guidelines state that institutions must use a “manufacturer supported operating system”.

Companies who fail to upgrade could find themselves in serious legal hot water if a breach occurs and they are still be using an operating system that is no longer supported. Companies providing indemnity and liability insurance may refuse to pay out if their clients are in breach of legislation.

The danger surrounding XP’s end of life is NOT just hype. Falling foul of compliance legislation can result in financial ruin and reputational damage for companies of all sizes.

Now is the time to give some serious thought to anywhere that XP, Office 2003 and Exchange 2003 may continue to lurk.

Here are some places to start:

· Home users who may still have a long forgotten XP laptop.

· Control machines running things like access control and CCTV systems.

· Old servers that remain on the network to provide access to historical information.

It only takes one unpatched machine to provide hackers with a way in to a network. Now’s the time for a final look around, and a final wave goodbye to Windows XP. If you haven’t started, well…

An easy way to track down those machines or systems still running XP is to use Free Asset Tracking, a no-charge component of the GFI Cloud suite of cloud-based IT management services. GFI Cloud also provides patch management, antivirus and monitoring from the same console.

That could take the hard work out of your inventory process at least.

By Jackie Wake, Product Manager, GFI Software

Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
HPE launches 'right mix' hybrid cloud assessment tool
HPE has launched an ‘industry-first assessment software’ to help businesses work out the right mix of hybrid cloud for their needs.
ADLINK and Charles announce multi-access pole-mounted edge AI solution
The new solution is a compact low profile pole or wall mountable unit based on an integration of ADLINK’s latest AI Edge Server MECS-7210 and Charles’ SC102 Micro Edge Enclosure.