January 03, 2014
By Bill Lydon, Editor

The huge installed base of automation software running on Windows XP will be vulnerable to cyber-attacks when Windows XP support ends on April 8, 2014. Windows XP accounts for more than 30 percent of all operating systems deployed, according to Net The implication is that the computers running XP will be more vulnerable to cyber-attacks. Among all the discussion of cyber security issues and protection methods, the end of Windows XP support is potentially the largest single event that could increase automation system downtime due to viruses and malware. More than 12 years old, Windows XP is the longest supported version of Windows ever and therefore is the most used in industrial automation systems.

Windows 7 Virtual XP Mode

Some companies are using the Virtual Windows XP mode in Windows 7 to improve performance and keep legacy software running. The code of the Virtual Windows XP Mode is on the same support lifecycle timetable as Windows XP, and its support will also end on April 8, 2014. For more info, see the Windows lifecycle fact sheet. Microsoft notes that the Virtual Windows XP Mode was primarily designed to help businesses move from Windows XP to Windows 7 and has limitations, including some hardware that might not be detected or work in Windows XP Mode. Windows 7 and 8 software drivers for older industrial automation protocols are already a problem because they block upgrades. Windows 7 mainstream support ends January 13, 2015 and extended support ends January 14, 2020.

The Microsoft site has a page that discusses the Why? - What? - How? about the end of XP. Here is a summary of the information:

Why? - The site states, “Windows XP SP3 and Office 2003 will go out of support on April 8, 2014. If your organization has not started the migration to a modern desktop, you are late.”

What? – “It means you should take action. After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. Running Windows XP SP3 and Office 2003 in your environment after their end of support date may expose your company to potential risks…”

How? – This section describes information sources, services, and resources for migration to newer Microsoft operating systems. Regarding upgrades to newer operating systems, Microsoft notes, “Based on historical customer deployment data, the average enterprise deployment can take 18 to 32 months…”

Virtualized Systems

There has been a trend to run Windows XP-based industrial automation software on virtualized platforms, but these are just as vulnerable. The Windows XP operating system code run in the virtualized environment is the same and will not be supported. In this environment the XP operating system software still communicates with virtual and real networks, exposing them to attack. The notion of harmful cyber code “living” in a virtual environment probing for ways to get at the other software in that computer represents significant threat potential. Virtualized systems are relatively new but are under cyber-attack. For example, VMware has released a number of patches that fix vulnerabilities in a number of its products. If you keep running XP in this environment, you’re increasing the support burden to configure, manage, and secure these images while being exposed to increased cyber risk.

What are your options?

Ignoring the issue increases the risk, since no new security patches for vulnerabilities will be available. It is obvious that the “bad guys” are always learning how to exploit software, and the ongoing patches to “plug holes” will no longer be available. In most applications, isolating applications running on Windows XP is not practical. The most sensible but costly thing to do is upgrade software to run on Windows 7 or 8.

Have you factored Windows XP migrations into your budgets?


