XP Continues to Dominate Organizations

It wasn’t all that long ago that Windows XP was run on a significant proportion of desktops in the enterprise. And despite the recent end-of-life statements, XP is still very much among the living. For example, a fiber-optic cabling deployment ship uses it to navigate where to lay its cable, and an automated safe made by Brinks still runs on Windows XP, too. At the DEF CON conference in August, security researchers showed how they could reboot the safe, take control of its systems and mess with the underlying Microsoft Access database to open its door and steal the money inside.

Even some government networks are lagging behind the times. That’s indeed the case with the U.S. Navy, which earlier this year entered into a $9.1 million contract that will keep XP security patches and updates coming until 2017. England’s National Health Service also has a huge support contract for its large XP population. According to Network World, the vast majority of ATMs run on XP, and Forbes reported that 75 percent of water utilities do as well.

Three Things to Know About Windows XP

So what? There are always going to be companies that lag behind the latest operating system, and getting every desktop upgraded may not be possible due to tight budgets or reliance on legacy applications for compliance or certification reasons. However, things are somewhat different in 2015 from when XP first came alive in the early 2000s.

1. You’re More Likely to Be Infected

First, according to Microsoft, XP machines are six times more likely to be infected with malware than newer versions of Windows. And with Windows 10 being offered as a free upgrade for the next year, it might make sense to examine those last bastions of XP-dom and see if you can eradicate them from your businesses for good.

At a conference that I attended last year, Microsoft’s Craig Mundie said, “Even running one XP machine represents a major threat.” This is because Windows XP can’t be hardened against today’s threats; it has many weaknesses that newer Windows versions were designed to close. Many security products have stopped trying to protect XP endpoints for this reason.

2. XP Runs in More Places Than You Might Think

Windows XP can be found in some surprising places, including many customized applications where OS updates aren’t yet available. At one hospital complex, a help desk employee told me that they have plenty of XP desktops around and can’t easily upgrade them anytime soon. There also are numerous point-of-sale (POS) terminals, ticket kiosks, video conference rooms, traffic cameras and supermarket self-checkout lanes (these have enough problems as is) that may run on the operating system.

Take a look at the collection chronicled in the Public Computer Errors board. I am sure you can think of other places XP might be lurking. Getting rid of these threats in your enterprise will take time and a lot of effort, especially if the vendors that originally manufactured the machines are no longer in business.

3. The IoT Contributes to the Problem

Corporations are more heavily networked than they were even a few years ago, and this means that infections can be transmitted quickly throughout your infrastructure. Even if more modern operating systems aren’t compromised by a piece of XP-based malware, data stored on the network can be examined and copied. This adds to the argument for better behavioral analysis and advanced threat detection tools, too.

The early buzz is that the new Windows 10 is better and more solid than previous versions. It might be time for a major desktop refresh to get Windows XP out of your hair once and for all.
