One month to go before XP patches are discontinued

It’s not looking good either.

Next month will see Microsoft remove support from the venerable stalwart that is XP. That means that XP will no longer be patched, although its offspring will be, providing clues to potential weaknesses in the old girl’s defences to the bad guys.

How bad can this be? we hear you cry, surely most issues with good old XP have been fixed by now. Unfortunately not.

This patch Tuesday (11/03/14), Microsoft released a swathe of patches for Windows and Internet Explorer many of which have been seen ‘in the wild’ which enable hackers to run code on your machines without even asking.

Internet Explorer is looking like a fantastic attack vector for hackers and this week’s patches fix no fewer than 18 exploitable issues that enable malicious code stored on web sites (probably also hacked – see last weeks TOTW) to control your machine. We believe that we have seen some malware with this exact vector very recently, be vigilant.

Obviously we recommend that you implement the MS patches as soon as you can, if not sooner, you should probably be doing that rather than reading this if the truth is told.

You should also get off XP before the end of April. We know it is hard but if you don’t you will be a sitting duck and it matters not that Microsoft’s reputation for security will be in tatters, more tatters, err, worse than it currently is. You will be taken down.

ITC recommends the use of Network Access Control technology from the lovely people at ForeScout. Fully integrated into our NetSure360 managed service, this technology allows you to control what can connect to your network and whereabouts in your network it resides.

We will be recommending that all of our customers with this solution deployed identify and report on Windows XP machines still connected to the network post April, and if they can’t be upgraded, shot or otherwise removed that they are forced into a dark room with limited access to the rest of the network controlled by layer 2 Vlan and firewall rules.

We guarantee that within the next 12 months this blog will be covering a security breach based around an XP/IE exploit. Please don’t let that be you.

If you wish to discuss this or anything about infrastructure security, please contact us on: [email protected] or 0207 5173900