All good things must come to an end and, as of 8 April, Microsoft Windows XP has finally been lain to rest in the Microsoft graveyard alongside Windows 2000, NT, 95 and all the other legacy products where development has ceased.

XP support has ended – How long have you got before your systems are hacked?


All good things must come to an end and, as of 8 April, Microsoft Windows XP has finally been lain to rest in the Microsoft graveyard alongside Windows 2000, NT, 95 and all the other legacy products where development has ceased.

This means no new Windows Updates to download and apply – Hooray! No more patches ever!

Unfortunately, this also means there will be no more fixes or enhancements forthcoming. Aside from potential compatibility issues with applications that are still being developed and improved, this also means that, for any new vulnerabilities discovered in XP, there simply will not be any means of remediation. The result is that XP will become a sitting duck for hackers, inexorably becoming more and more vulnerable to attack over time.

What is the Solution from Microsoft?

Upgrade now, say Microsoft. Go Windows 7 or 8.1 and you gain a continually-improving operating system, fundamentally more secure than XP to begin with but with the full backing of MS development to head-off any new vulnerabilities as and when they are discovered.

Aside from the cost implications in license upgrade fees, the resource requirements needed to migrate can be huge, which is why there is still an estimated 95% of the world‘s ATMs being powered by Windows XP. Considering that there are 420,000 ATMs in the US alone,

the migration to a new OS is indeed a massive endeavor. (Source – PCI Security Standards Council) Likewise, the overwhelming majority of POS systems are XP-powered for the same reason, the risk and expense of migration has resulted in leaving the problem for another day.

What Should You Do If Upgrading to Windows 7/8 isn’t a Viable Option?

And that day has now arrived. So if Microsoft aren’t going to provide any security cover for your XP systems, what other options are there to improve protection and provide contingency in the event that systems are breached?

Unless you have already established a hardened build standard for XP, now is the time to do so. By leveraging the ‘natural’ built-in protective defenses for XP, all current known threats and vulnerabilities for the OS can be mitigated. Use of a vulnerability scanning tool, equipped to audit the XP systems against a consensus-based Vulnerability Checklist, such as the CIS Benchmark for XP, will reveal any Security Policy settings that can be utilized to close off as many known vulnerabilities as is possible. The hardened XP system, equipped with AV and firewalled at the perimeter will go a long way to avoiding cyber security threats.

Any subsequent patching of 3rd party applications or configuration changes to the XP system may re-introduce vulnerabilities, so it is vital to scan regularly, or ideally, use a continuous vulnerability monitoring solution like NNT Change Tracker or Tripwire Enterprise. Time is of the essence is mitigating vulnerabilities when they are introduced so a continuous or real-time scanning system is considerably better than a one-off periodic scan using a Nessus-type system.

However, since new vulnerabilities may be discovered at any time, it is imperative that your security best practice measures include some form or ‘what if’ planning. The breach at Target reminded everybody that even with PCI DSS measures in place, if the organization ‘drops its guard’ at any time, threats are waiting to take advantage.

Real-time FIM provides the perfect Host Intrusion Detection system. Any change to a system file (as was the case at Target, the BlackPOS malware created a winxml.dll Trojan) will be detected immediately and an alert raised. Similarly if new services are added or enabled, or there are subtle registry changes, a good real-time FIM system will record these as violations of the XP Hardened Build configuration and allow the breach to be stopped before lasting damage is done.


In conclusion, time is up for XP and it is imperative that a migration is planned to a secure, supported operating system. In the meantime, use of 3rd party breach prevention and detection technology is more vital than ever.


Share this blog post

Share this blog post

USA Offices
New Net Technologies Ltd
9128 Strada Place
Naples, Florida, 34108
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
St Albans


Tel: 08456 585 005
Fax: 08456 122 031
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.