Saints or sinners?

The date: May 2014

The event: The last ever patch for Windows XP

The background: Microsoft gave the community seven years notice of the withdrawal of support for Windows XP. It was meant to end on 8th April 2014, but they chucked in an extra one for CVE-2014-1776 in May. And that they said, would be that.

That was of course, unless you took out a dedicated support contract with them, for which they would keep patching your XP, but not anybody else’s.  Cheers then, thanks very much, deliberately leaving systems vulnerable when patches were available. Cynical money making, or trying to drive progress? You decide.

“Seven years notice” we hear you say, “we were off XP months before the deadline and we work for the world’s smuggest and largest bank” we hear you say, “what eejuts are still on XP?”.

Well, it would seem that very large public services (like the NHS), possibly (and this is hearsay) submarines of the nuclear variety, packing a very deadly cargo, embedded machines in manufacturing equipment not to mention the home machines of many people in less developed countries. All running XP. No biggy.

So all of these people and organisations have been running vulnerable XP images. Until now.

The release of numerous Zero Day vulnerabilities by the so-called ‘Shadow Brokers’ and the fact that they are promising to release more of them to subscription customers (and we bet Microsoft is a customer!) seems to have prodded the beast into life.

Last week, Microsoft patched the WannaCry bug for XP and this week has gone further with a new release of patches for the aging software.

About time. How they can sit on bugs that might impact Health Services, innocent civilians in developing countries or heaven forbid the nuclear fleet we will never know.

Now that some semblance of common sense and ‘doing the right thing’ has come into play it is time for all you secret XP drinkers to do your bit.

As the lovely folk at Sophos’ Naked Security (and who doesn’t love a hacker with their kit off) say ” It’s a long time since there was a Patch Tuesday for XP and 2003, so dust off your old notes, remind yourself how to do it, and get busy!”

Alternatively, nip out and get some Apple Macs. Clearly soon to be under fire, but not just yet.

If you would like to speak to us about XP, your high score on MineSweeper (which you can post as a comment if you think you are hard enough), or anything else to do with information security, please contact us at: [email protected] or call 020 7517 3900.