Internet Explorer Vulnerability and Windows XP

As I wrote a few weeks ago, if you’re still running Windows XP you are officially ‘on your own’ as it relates to updates and patches. Just this week a problem was reported with Internet Explorer and is a perfect example of what I meant.

A so-called ‘Zero Day’ bug was found with most versions of Internet Explorer. If exploited it would allow an attacker to control a computer with the same rights as the person using it.

Microsoft will patch this as it routinely does with other issues – usually on ‘Patch Tuesday’ – Microsoft’s monthly security update release process. If they feel it important enough they’ll release a patch sooner – what they refer to as ‘out-of-cycle’.

But if you’re computer has Windows XP you won’t receive any patches or updates as they won’t be released for that OS. So if you still have Windows XP systems that you’re using, really think about moving them to Windows 7/8 ASAP.

 


 

 

Heads up! The Windows XP Scams Have Started

I wrote about a month ago that you should expect to start seeing the bad guys exploiting the end-of-support of Windows XP. They haven’t wasted any time and the latest tactic is particularly aggressive, so alert your users. Thanks to our friends at CyberheistNews for this latest tipoff. Here’s how this scam works.

The criminals either send an email or make unsolicited telephone calls and claim to be from Microsoft or your Help Desk. They then tell you a bit of truth about Windows XP being unsupported (which you already know if you’re running Windows XP and seeing the pop-ups telling you this) and then that there are exploits in Windows XP that can’t be fixed automatically anymore. But they then claim to have a patch they will manually apply if you give them access to your computer.

Once they’ve got onto the computer they ‘own’ it and can subsequently hack into the rest of the network with relative ease.

Remind your users that Microsoft and it’s partners never make unsolicited calls. If you get a call or email that purports to come from ‘Support’ or ‘Microsoft’ telling you that you need to do something, hang up and call your real IT support team.

Everyone be careful out there!


 

The Bad Guys are Waiting for April 8

Most of you are probably aware that Microsoft is ending support for Windows XP on April 8. That means no more patches, bug fixes, or updates. But what many of you may not know is that cyber-criminals have been hoarding discovered vulnerabilities, patiently waiting for April 9, so that they can then use or sell them. There are some estimates that there are hundreds of potential vulnerabilities out there waiting to be exploited.

What can you do if you still have XP machines in production? There are basically 3 options.

  1. Microsoft has created an incentive program called Get2Modern that offers discounted pricing on Windows 8 software upgrades. Expect around $140. But keep in mind that many older machines running Windows XP and many older applications may not be able to run on Windows 7 or 8, or may require hardware upgrades. And upgrading the operating system on a XP machine to Windows 7 or 8 isn’t trivial as there is no direct upgrade path. Expect to spend many hours for each machine.
  2. You can purchase/lease/rent new desktops or notebooks that come with the latest version of Windows – and a new machine warranty, as well. And prices are pretty attractive right now. For example, we just had a customer pick up some HP All-in-One desktops with Windows 8.1 Professional for less than $500. And monthly rentals with Windows 7 or 8 and the latest version of Microsoft Office are only $49
  3. If you must keep old XP machines around for a while, you can take certain steps to mitigate the exposure you have. See the article from our friends at KnowBe4 for details.

 


 

Will ATM’s Running XP be a Security Risk?

According to the ATM Industry Association most ATM’s will continue running Windows XP after Microsoft ends support for the OS. I can’t say that I’m surprised even though banks and financial institutions have had years of advanced notice of the retirement of XP.

In the US about half of ATMs are run by banks and the other half by independent operators. Upgrading is a significant effort (and cost) which probably explains why so many ATMs are still running XP.

Microsoft has specifically pointed out that the end of XP support means it will become vulnerable to future exploits, but that also doesn’t automatically mean that ATMs will become vulnerable. They are ‘closed’ systems that only perform a single task and there are safeguards that can be taken that will allow them to continue to achieve PCI SSC compliance – for a while.

But PCI compliance as well as several state laws – such as Massachusetts 201 CMR 17 – require that systems have software that’s supported by the manufacturer.

So will there be a security risk? Yes, but it’s not doubling overnight. But minimally the owners of the ATMs you use should have a plan in place for fairly immediate migration of the ATM to newer software standards.

And by the way, this problem extends far beyond ATMs. Most restaurant and retail store point-of-sale terminals also still run on Windows XP.

 


 

 

Windows XP Support Ends in 36 days and PCmover Express

Unless you’ve been seriously out of contact for a while, you probably already know that Microsoft’s support for Windows XP is ending this spring. But like the April 15 tax deadline, these dates have a way of sneaking up on you and suddenly you realize it’s SOON.

Starting March 8 look for a popup message on your Windows XP computer from Microsoft reminding you that support for XP is ending on April 8.

And to help you out with transferring your old data and settings to a new computer, check out PCmover Express just released by Microsoft in conjunction with Laplink. PCmover Express will copy your files and settings to a new device running Windows 7, 8, or 8.1. Available later this week from windowsxp.com

 


 

Does an OS have a Shelf Life? Windows XP Does – Here’s Why.

By now you’ve probably heard that Windows XP support from Microsoft officially ends this April. Many just brush off the end of support as a cynical marketing ploy by Microsoft to compel users to purchase an upgrade. But here’s why it isn’t.

Windows XP was a remarkable operating system in its day. Consider that it had to run most of the old 16-bit Windows software on the market while at the same time laying out the framework for a real 64-bit OS which we enjoy today (Windows 7/8). But fair is fair. It is fundamentally no where near the OS that Windows 7 or 8 is and no amount of patching and TLC will ever make up the difference. And the needed environment and security threats that exist today weren’t even contemplated when Windows XP was being created.

So what will happen if you don’t upgrade systems using Windows XP by this coming April? Based upon what happened when Windows XP Service Pack 2 went end of life in 2010, malware infections increased a whopping 66%. Check out the data¬†here. I would anticipate similar problems this April.

So plan to make the transition sooner rather than later. For most current versions of applications it’s not a big deal but if you have older vertical apps, it’s time to start working on it.