8/12/2019 XP-EOS
1/4
To: All
From: RDM Development Officer
Date: 22nd January, 2014
SUBJECT: SECURITY IMPLICATIONS OF MICROSOFT WINDOWS XP END OF SUPPORT
Introduction
Production use of software in a networked environment is typically surrounded by
security processes to mitigate newly discovered security vulnerabilities. Software patch
management is one of the fundamental security processes that organizations employ
to mitigate risk and ensure system compliance. Software vendors usually update
software to fix discovered vulnerabilities and release new software versions or patches
to existing software versions. When a software vendor discontinues updates for security-
related issues, newly discovered vulnerabilities become persistent threats in an
organization's attack surface. When a software application is widely deployed, the
attack surface becomes a significant risk.
Microsoft announced that the extended support for the Windows XP operating system
(as well as Office 2003 and Exchange 2003) is scheduled to end on April 8, 2014.
According to Microsoft, end of support means an end to the following:
- Security updates
- Non-security hotfixes
- Free or paid assisted support options
- Online technical content updates
This is the time to make sure you have the latest available update or service pack
installed. Without Microsoft support, you will no longer receive security updates that can
help protect your PC from harmful viruses, spyware, and other malicious software that
can steal your personal information.
Microsoft Support Lifecycle
Microsoft Support Lifecycle policy provides consistent and predictable guidelines for
product support availability when a product releases and throughout that product's
life. By understanding the product support available, users are better able to maximize
the management of their IT investments and strategically plan for a successful IT future.
| Client operating systems | Latest update or service pack | End of mainstream support | End of extended support |
|---|---|---|---|
| Windows XP | Service Pack 3 | April 14, 2009 | April 8, 2014 |
| Windows Vista | Service Pack 2 | April 10, 2012 | April 11, 2017 |
| Windows 7 * | Service Pack 1 | January 13, 2015 | January 14, 2020 |
| Windows 8 | Windows 8.1 | January 9, 2018 | January 10, 2023 |
* Support for Windows 7 RTM without service packs ended on April 9, 2013. Be sure to install Windows 7 Service Pack 1 today to continue to receive support and updates.
Security Implications
Microsoft Windows XP was designed and developed 13 years ago, before Twitter,
Facebook, instant messaging, social networking or the cloud. Over the past decade,
internet usage, and consequently malicious activity, has grown exponentially; Windows
XP and Office 2003 were never designed to operate in today's environment. The
annual Microsoft Security Intelligence Report consistently indicates that Windows XP SP3
machines receive more than twice the number of malware infections as Windows 7
machines.
Since the release of Windows XP, cyber-intruders have discovered and exploited a number of
vulnerabilities, some of which are able to compromise the security of an organization's
network holdings without warning. When an exploit becomes known, Microsoft issues
security bulletins or advisories which may also contain patches that must be installed in
order to protect our networks. The delay between the discovery of a vulnerability and
the design and implementation of a mitigation patch gives cyber-intruders a window in
which to exploit that vulnerability. Consequently, an organization's
network could remain vulnerable for an extended period of time. After April 8, 2014,
therefore, any newly discovered vulnerability will no longer be addressed by Microsoft
and new patches to fix them will not be developed, thus increasing the likelihood of a
successful cyber-incident on an organization's network.
External Security Threats
- Malware: increased from 1000 in 1996 to millions in 2012 and has become an
  online crime story. It includes computer threats such as viruses, worms, Trojans,
  exploits, backdoors, password stealers and spyware. Windows XP is 21 times more
  likely to be infected by malware than Windows 8.
- Vulnerability: Windows XP with SP3 is up to 56.5 times more vulnerable than
  Windows 8 RTM.
- Hacktivism: threat to business increased nearly 70% in H1 2012 versus H1 2011.
- Fake Virus Alerts: includes rogue software in the form of pop-ups which can
  infect computers if clicked and can spoof the Microsoft security update process.
Evolution of attacks
Rather than actively targeting remote services, attackers now primarily focus on exploiting
vulnerabilities in client applications such as web browsers and document readers such
as Acrobat. Such attacks (infections) can slow your machine to a crawl, and if they start
sending spam or virus emails from your machine, your legitimate emails risk being
refused by recipients' email servers because you have been blacklisted as a spammer.
This can hamper or cripple business.
How the evolution of security threats impacts business
The way organizations and their employees use technology has changed dramatically
in the last decade, and unfortunately hackers have evolved too. The security risks you
faced on your desktop more than a decade ago do not come close to today's threat
landscape across a range of devices.