State of Emergency as Windows XP Support Ends?

Starting April 8, 2014, Microsoft ends support for Windows XP even though its market share is still high (29.53% in February 2014 according to Net Applications). What will the security impact of this decision be? In practical terms, computers that are still running Windows XP will no longer receive updates, including those that address security vulnerabilities in the operating system. Whether you are an individual or a company, are you about to become the favorite target for cybercriminals? It’s not so clear…

April 8, 2014 could impact a wide range of organizations, whether small, medium or large enterprises, from banking to industrial to service sectors, because the end of Windows XP support is more than just a matter of migrating to a new operating system. Other considerations, such as the cost of that migration or the disruption of services it causes, are critical factors that also need to be taken into account when deciding to upgrade.

Take the example of the banking sector. 95% of automatic teller machines (ATMs) around the world rely on computers running Windows XP. Besides the disruption of services needed to perform this migration, these computers are not normally able to support a newer version of Windows. In this case, a migration is not possible without first upgrading the computer, incurring significant cost and downtime for these companies. The same goes for SCADA (Supervisory Control and Data Acquisition) environments. These industrial systems run business-specific applications that were developed for Windows XP and will require significant development effort and cost to migrate to another operating system.

In light of the potential difficulties, what options are available to these companies? One possible option is to do nothing. Will they be more vulnerable? Not necessarily! Depending upon the company, it could be that they already do not deploy patches for the OS, in order to avoid disruption of their services. For these organizations, a disruption of services is not limited to the migration to a new OS but also includes any update of any operating system. These companies will be no more vulnerable than they already are today. Conversely, companies that have systematically updated their operating systems will become more vulnerable after April 8 if they choose not to upgrade their systems.

As for the ATMs themselves, rest assured that these machines are not directly connected to the internet. The only way for a cybercriminal to target them is to attack the machine itself (e.g., introducing a Trojan through a USB key connected to the machine), a very unlikely operation and a very risky one for cybercriminals.

Understand that the key to staying on Windows XP is not being connected to the internet. If that’s not possible, it’s highly recommended that you migrate to another operating system, because it is certain that there will be an upsurge of attacks targeting XP vulnerabilities to extract sensitive information (competitive information, credit card numbers…) from these systems.


Guillaume Lovet is Senior Manager, FortiGuard Labs Threat Response Team, Fortinet

