This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
3. - Enterprise security management issues : Read more in this section
- RSA announces Managed Security Partner program
- Strikes, fouls aplenty in 2014 RSA Conference boycott
- Is the RSA conference still relevant?
- Standardization key to future security, say experts
- 2014 RSA Conference attendance indicates business as usual
- Coviello rejects rumors of deal with NSA
- Microsoft urges businesses on Windows XP to migrate
- RSA 2014: HP exec says security threat analysis should guide strategy
- Information security incident response teams need plans and partners
Explore other sections in this guide:
Organisations running Windows XP service pack 3 should migrate to a more recent operating system (OS) as soon as possible, according to Tim Rains, director of trustworthy computing at Microsoft.
“I expect a significant increase in malware infection rates on Windows XP machines after support for service pack 3 is discontinued in April 2014,” he told attendees of RSA Conference 2014 in San Francisco.
Rains said attackers are highly likely to reverse-engineer security updates released for Windows 7 and Windows 8 and attempt to use them as zero-day exploits against machines running Windows XP.
Vulnerabilities in newer versions of Windows tend to affect earlier versions as well, he said, making it likely that attackers will use this approach to target Windows XP machines.
“Between July 2012 and July 2013, there were 30 vulnerabilities discovered in the later operating systems that were common to XP, so the risk is high,” said Rains.
Microsoft statistics show the malware infection rate of XP machines running service pack 2 increased 66% after support was discontinued.
Read more about Windows XP end of support
“I expect a similar increase for machines running Windows XP service pack 3 once support is discontinued,” said Rains.
Although support for Windows XP officially ends 8 April 2014, Microsoft has indicated that it will continue to provide malware support on XP until 14 July 2015 to help organisations complete their migrations.
The malicious software removal tool will continue to run and machines with Microsoft Security Essentials installed before 8 April 2014 will continue to receive malware signature updates, until 14 July 2015.
Clive Longbottom, an analyst at Quocirca agrees that businesses should seriously consider their options if they are still running the Windows XP OS.
“With an ageing security architecture and a lack of full support, Windows XP will be a major platform for hackers to attack,” he said.
Longbottom believes this could be an opportunity for security suppliers to provide bolt-on security to try to stop the attacks.
“But for organisations, it should be the wake-up call to move to a more modern operating system that will be less open to such attacks,” he said.