April 8, 2014

Windows XP Put to Rest; The Beginning of "Forever Days"?

Carl Leonard Principal Security Analyst

XPMicrosoft will no longer provide software updates and technical support for Windows XP as of April 8, 2014. The end of Windows XP support should not come as a surprise to most users. Microsoft has a long history of ending support for variations of its operating systems. Although the company published a lifecycle chart showing the anticipated end-of-support dates for their OS, and despite the somewhat feverish rush to upgrade systems in many industries, Websense Security Labs telemetry indicates that XP is still widely deployed. Research suggests that Windows XP remains the second most popular operating system globally.

What does this mean for the threat landscape?

Any complex piece of software will contain vulnerabilities for cybercriminals to exploit. Operating systems and their associated applications are particularly prone to vulnerabilities because:

  1. It is incredibly challenging to conduct testing on all code routes due to the sheer complexity and vastness of the code.
  2. After a vulnerability is identified, a fix needs to be created and patched.

Malware authors often look to discover vulnerabilities, known as zero-day exploits, before software vendors or the security community are aware. Microsoft has been enhancing, updating and supporting Windows XP for close to 13 years. Over time, the industry identified hundreds of Windows XP common vulnerabilities and exposures (CVEs), including a new zero-day last week. Affecting Windows XP, it allowed remote code execution through a rich text format (RTF).

I am sure we will continue to see new Windows XP vulnerabilities. The only way to previously address Windows XP vulnerabilities was through the updating and patch process. Now that important line of defence is gone. With Microsoft ending support for Windows XP those patches will not be available.

Opportunistic cybercriminals have shown a penchant for pwning the low hanging fruit. If XP is the fruit, after April 8 this plum is effectively sitting on the ground. End-of-support means no new software updates. The term "forever-day" reflects the fact that zero-day vulnerabilities will remain unpatched forever more.

Websense Security Labs Recommendation

We have always recommended that organisations not rely on software patches alone to protect themselves. We highly recommend upgrading your operating system at your earliest convenience.

Malware authors know that businesses and consumers are still running Windows XP. These systems are especially vulnerable after April 8. We don't expect malware authors to unleash exploit code targeting these zero-days in the first few days after April 8. Instead, we believe they will wait to release exploit code selectively (think targeted attacks) and gradually (over a period of years).

The Websense Security Labs will continue to monitor for developments related to Windows XP, including monitoring for new zero-day exploits and vulnerabilities. Please follow us on Twitter (@websense‎ and @websenselabs). Also check out the Websense Security Labs' blog for breaking research alerts and further details of how Websense can help to protect you from all stages of the threat lifecycle.

Carl Leonard

Principal Security Analyst

Carl Leonard is a Principal Security Analyst within Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’s global Labs teams. Focusing on protecting companies against the latest cyberattacks that...

Read more articles by Carl Leonard

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.