Threat Level: green Handler on Duty: John Bambenek

SANS ISC: InfoSec Handlers Diary Blog - Is Windows XP still around in your Network a year after Support Ended? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Is Windows XP still around in your Network a year after Support Ended?

Published: 2015-06-27
Last Updated: 2015-06-27 21:36:05 UTC
by Guy Bruneau (Version: 1)
9 comment(s)

This week Computerworld [1] published a story about the US Navy still paying Microsoft millions to support Windows XP when support ended April 8, 2014 [2] and soon Windows server 2003 will follow suit next month July 14, 2015.

Unless you are paying Microsoft to continue using legacy systems like WinXP, it is obvious that you would need to pay support to get patches and continue protecting you network against vulnerabilities that are no longer publically release to defend against potential compromised. This brings the cycle of modernizing custom applications used to support critical system that have been written on older platform and should have been part of a program to modernize, test and upgrade in time, to save million in support which I think in the end should save money. As an example, the Navy is paying a "[...] contract that could be worth up to $30.8 million and extend into 2017."[1]

Are you still supporting WinXP because of legacy applications and is there a plan to migrate them over Win7/Win8? If not, how are you protecting these clients against exploitation?

[1] http://www.computerworld.com/article/2939435/government-it/us-navy-paid-millions-to-stay-on-windows-xp.html
[2] https://www.microsoft.com/en-in/windows/enterprise/end-of-support.aspx

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

9 comment(s)
Diary Archives