Serious Security Risks Coming for Businesses Still Using Windows XP

Over ninety percent of businesses users around the world rely on a computer infrastructure built on the Microsoft Windows operating system. In the past few years, IT Services Group has helped dozens of companies in the Philadelphia region update their computer systems to Microsoft Windows 7, currently the most popular software platform from Microsoft.

Before Windows 7 was released in October 2009, the most widely used Microsoft operating system was Windows XP, released all the way back in 2001. Last year, Microsoft announced that it would no longer support Windows XP, beginning on April 8, 2014. What does that mean for your business and your computer infrastructure if you’re still dependent on the retiring XP?

The most obvious change is that Microsoft technicians will no longer be able to troubleshoot software errors that occur on your computer network and will no longer provide updates for compatibility with new industry software on which your business relies. But far more importantly, security updates from Microsoft will no longer be released for Windows XP. This is a little-known, but critical issue for users who aren’t planning to migrate to Windows 7 before April.

Each month, Microsoft releases security patches for their software to address vulnerabilities in their code and to combat hackers who have found ways to exploit them to steal data or spread viruses through networked machines. Beginning on April 8, Microsoft will no longer release updates to fix newly discovered security flaws. As hackers develop ways to break into Windows XP-based networks, Microsoft will no longer be responding to the threat, instead focusing on addressing exploits in their newer systems, Windows 7 and 8. Even worse, new security patches that apply to later versions of Windows will expose those same flaws in every prior version of Windows, making it even easier for hackers to break into prior versions. Consider the following except from a blog post by Tim Rains of Microsoft:

The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever. How often could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

This means that every time Microsoft finds a problem with Windows 7 and Windows 8 and fixes those problems, they will inadvertently be creating a guidebook for attackers to exploit those same flaws in Windows XP. Microsoft is aware of this problem and is campaigning urgently to push businesses into upgrading to a newer version of their operating system. IT Services Group will continue doing its part to make local businesses aware of the need to update, to protect the data of our clients, if not for the extra features, stability, and ease of use of Windows 7.