Microsoft has announced that all official Windows XP support will be terminated on April 8, 2014. But although the end-of-support date is just around the corner, millions of businesses and individuals are still using the legacy platform, making them extremely vulnerable to hacking and malware attacks.
The Windows XP platform’s ecosystem is officially going to expire. The platform was launched in 2001, and Microsoft ended mainstream support for it in April 2009. A 5-year support plan was then announced following the platform’s huge success.
“Getting Over your XP”, a Spiceworks report, revealed that over 75% of IT professionals still run Windows XP. Needless to say, unsupported mainstream operating systems are a paradise for cyber-criminals and fraudsters.
Businesses and private homes, especially in Asia, South America and Africa, have been very slow in upgrading their computing systems. The inability to adopt new software is due to lack of compatible hardware and poor resources, along with inadequate financial capabilities. The upcoming XP support termination will put these networks in jeopardy.
To make matters worse, Google has already announced that it will offer full Windows XP Chrome support well into 2015. While this move may help die-hard loyalists and cash-strapped Windows XP users in the short term, it can also delay their move to safer and supported operating systems. A patched browser isn’t a substitute for a fully patched system.
Possible damages and exploits can include:
A great example is the Indian banking industry, which uses Windows XP as its default software platform. Over 34,000 bank branches and thousands of retailers still rely on the expiring OS. The situation in China is equally worrying: 49% of Chinese computers still use Windows XP, with a high percentage using pirated, insecure versions.
Hackers can use a wide range of tricks to exploit Windows XP systems. This can start with realistic “system pop-ups” containing phone numbers regarding possible upgrades. More sophisticated techniques can involve bogus registration forms that harvest your private information or even links that trigger malware download and installation.
CISOs and InfoSec executives face a huge challenge in the coming months. Besides demanding the funding and resources required to upgrade the current operating systems, they must define clear guidelines to minimize the risks. Only basic activities such as sending and receiving emails and basic browsing sessions should be permitted.
It's time to say goodbye to Windows XP. The sooner the better.