Perimeter
Guest Blog // Selected Security Content Provided By Sophos
What's This?
12/5/2013
09:42 AM
Maxim Weinstein
Maxim Weinstein
Security Insights
50%
50%

The Dinosaur In The Room

Support for Windows XP ends in April 2014; the implications extend beyond the workstation

It's no secret that Microsoft is mothballing Windows XP early next year. Officially dubbed the end of "extended support," the retirement means that security updates will no longer be available. Naturally, this means that systems running XP will become increasingly insecure, as new vulnerabilities (or those that have been held in reserve by attackers) become available on the black market. It may seem easy to dismiss this concern out of hand if you've already migrated your workstations to later versions of Windows. But, in practice, the implications of the retirement extend far beyond the workstation.

Thanks to its stability and relatively light resource use, Windows XP has been the OS of choice for specialized systems for more than a decade now. POS systems, medical devices, inventory systems, and a plethora of other turnkey devices have been built around XP. The most security-conscious vendors will surely have a plan to address the retirement of the venerable OS. History tells us, though, that many vendors will ignore the problem, leaving their customers with devices -- potentially used for critical business or patient care functions -- that are completely exposed to new exploits.

While "embedded" versions of Windows XP present a threat from within an organization, the global install base of XP PCs represents a broader threat to the ecosystem. It's already the case that Windows XP PCs that are not up to date have high infection rates. But there are plenty of XP users who do, in fact, make an effort to keep their systems patched. It's safe to say that many of these users -- who clearly don't put much stock in upgrading to the latest OS every few years -- will keep on using XP well after its retirement. As unpatched XP vulnerabilities become known within the criminal underground, we are likely to see an uptick in infected machines. More bots mean more spam, broader spread of malware, more phishing, and so on. Whether this will represent a significant enough change in the global bot population to make a noticeable difference remains to be seen, but it's worth acknowledging the potential.

With these potential risks in mind, what can you do as an information security professional? First, perform a careful inventory of any devices throughout your organization that may be using Windows XP, especially those that are outside of the realm of your typical managed workstations. Talk with the vendors of those devices about their plans to secure the environment in the absence of Microsoft patches. Consider upgrading or retiring XP devices that will not be adequately secured. If that's not an option, then consider additional security precautions (isolating devices, installing additional security software, etc.) that you can take to prevent the loss of confidentiality, integrity, or availability that could accompany a successful exploit.

This would also be a great time to educate your users about the retirement of Windows XP (and Office 2003, whose support is also ending in April) and its security implications. Many of your users (and their parents, friends, siblings) likely have old machines at home running one or both pieces of software. A simple email, flyer, or intranet post explaining what's happening, what it means for security, and what users should do (i.e., get a new computer) is all it takes to help them improve their own security and contribute to the security of the Internet at large. Maxim Weinstein, CISSP, is a technologist and educator with a passion for information security. He works in product marketing at Sophos, where he specializes in server protection solutions. He is also a board member and former executive director of StopBadware. Maxim lives ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
independent_forever
50%
50%
independent_forever,
User Rank: Apprentice
12/31/2013 | 2:25:20 PM
re: The Dinosaur In The Room
about time....it was good when it first came out but as with other versions of windows has outlived its usefulness and should go now...as an admin I am tired of patching this outdated OS already....let's move on..
Becca Lipman
50%
50%
Becca Lipman,
User Rank: Apprentice
12/9/2013 | 2:47:46 PM
re: The Dinosaur In The Room
Excellent article. The retirement and subsequent impacts of Windows XP is difficult for a casual user to fully understand. Many feel the time to buy a new computer is not when the security is low, but when the old one stops functioning properly. The casual computer owner is mainly focused on extending the lifespan and keeping the speed manageable. This is unlike a cell phone, where new models and apps make it enticing to upgrade.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?