SANS ISC: Windows XP end of life, 12 months to go.

The Microsoft Security Response Center has put up a short note reminding people that Windows XP leaves extended support in 12 months (http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx). From April next year there will be no more security patches or updates for the operating system. Experience tells us that many organisations will still have Windows XP running in their networks at that point, so as security professionals we should put the risk of an unsupported operating system in the environment on the risk register now.

How big a problem will it be? That depends on the vulnerabilities that will no doubt be disclosed from May 2014 onwards. With the XP install base still large, it is likely that people are sitting on vulnerabilities and holding them back until after Microsoft has stopped shipping fixes. So we should work on the assumption that:

  1. we will still have XP in the environment, and
  2. there will be vulnerabilities in the OS that get exploited, with no patch coming.

Some of the controls we already use today can help. Application whitelisting should protect the operating system from running unexpected code, assuming the products keep supporting XP. Network segmentation will limit how far a compromise can spread. But fundamentally we will have to deal with known-vulnerable (and quite possibly compromised) machines on the network that we cannot patch.

I've put up a poll asking "What are your plans when XP is no longer supported?"; feel free to add comments in the poll or here. How will your organisation deal with this?

Mark H
ISC Handler
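The first assumption above, that XP will still be on the network, is only actionable if you know which hosts those are. As an added example (not part of the original diary), the PowerShell below pulls every computer object whose operatingSystem attribute still reads Windows XP or Windows Server 2003 out of Active Directory, splits them into active and stale by last logon, and writes the result to a CSV that can be attached to the risk register entry and used to prioritise segmentation and whitelisting. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read computer objects, and makes arbitrary choices for the 90-day staleness cutoff and the output path.

```powershell
# Added example, not from the ISC diary: inventory the remaining Windows XP /
# Server 2003 hosts in Active Directory for the risk register.
# Assumptions: RSAT ActiveDirectory module available; the running account can read
# computer objects; $StaleDays and $OutputPath are arbitrary values for this example.
Import-Module ActiveDirectory

$StaleDays  = 90
$OutputPath = 'C:\Temp\unsupported-hosts.csv'
$Cutoff     = (Get-Date).AddDays(-$StaleDays)

# operatingSystem is free text written by the client when it joins the domain,
# so match on the prefix rather than an exact string.
$Unsupported = Get-ADComputer `
    -Filter 'OperatingSystem -like "Windows XP*" -or OperatingSystem -like "Windows Server 2003*"' `
    -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate, DistinguishedName

$Report = foreach ($c in $Unsupported) {
    # LastLogonDate is derived from lastLogonTimestamp, which only replicates
    # every 9-14 days, so treat it as coarse: good enough to separate live boxes
    # from decommissioned ones, not for "who logged on yesterday".
    $isActive = $c.LastLogonDate -and ($c.LastLogonDate -gt $Cutoff)

    [PSCustomObject]@{
        Name        = $c.Name
        OS          = $c.OperatingSystem
        ServicePack = $c.OperatingSystemServicePack
        LastLogon   = $c.LastLogonDate
        Status      = if ($isActive) { 'Active' } else { 'Stale' }
        # Parent OU of the object; useful for finding which business unit owns it.
        OU          = ($c.DistinguishedName -split ',', 2)[1]
    }
}

# Active hosts first: those are the ones that need segmenting and whitelisting
# before April 2014. Stale ones still need confirming as decommissioned.
$Report | Sort-Object Status, Name | Export-Csv -Path $OutputPath -NoTypeInformation

$active = @($Report | Where-Object Status -eq 'Active').Count
$stale  = @($Report | Where-Object Status -eq 'Stale').Count
Write-Host ("Unsupported hosts: {0} active, {1} stale (written to {2})" -f $active, $stale, $OutputPath)
```

Run this from a domain-joined admin workstation with RSAT; it is read-only against AD. Hosts that never joined the domain (lab kit, embedded systems, point-of-sale terminals) will not appear here, so the CSV is a floor on the XP population, not the whole of it, and should be cross-checked against network scan or asset data.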
Harden, harden like you never hardened before. There are still NT4 and W2k in many environments, which run relatively safely after proper hardening. Whitelisting or specific system hardening software (with host firewall) helps greatly, as does limiting the attack surface as far as possible, e.g. by disabling any service not necessary for the system's purpose.

Some whitelisting and hardening software still support NT4 and W2k, so I don't expect any issues with XP/2003 for some time. Also AV probably runs on XP for some time beyond Apr 2014.

Of course, primarily you should just migrate to W7 or W8, and put financial pressure on anyone not willing to do so.
Anonymous
