
Windows XP support ends: 10 options for business security

Windows XP custom support options are available for businesses that need an extension to upgrade to a newer OS platform
Photo by Tim Matsui/Getty Images

Microsoft Windows XP support ends Tuesday (April 8), which means no more security updates for the 12-year-old operating system (OS). Large institutions that missed the deadline to upgrade to a more recent OS such as Windows 7 or Windows 8 can opt for custom support.

As PCWorld reports (April 7), businesses that have a Microsoft Premier Support account are eligible for an extension of Windows XP support. The continued service comes at a price set case by case for each business, ranging from $600 thousand to $5 million per year, according to Gartner technology analysts.

The Dutch government is reportedly taking advantage of Microsoft’s custom support option for Windows XP, signing a multi-million euro deal with the software maker. The UK government is also receiving an extension and agreed to pay Microsoft over £5.6 million for another year of continued Windows XP support.

Gartner reports that one-third of enterprises, including banks, still use Windows XP for over 10 percent of their systems. For big businesses, this means trouble, as the lack of Windows XP support leaves doors open for cybercriminals to attack vulnerable, outdated computer servers.

“While many customers have already completed their migrations to a modern OS, some large customers with complex Windows XP deployments may not have their migrations complete by April 8. To help those customers, we offer Custom Support for Windows XP as a temporary, last resort to help bridge the gap during a migration process to a modern OS, as the newest technologies provide the optimal chance to be and stay secure,” a spokeswoman for Microsoft said in a statement.

“Windows XP wasn't designed for today's mobile, always-connected lives, or for protecting businesses and individuals from the millions of new online security threats that have emerged,” Microsoft’s general manager of Windows business group, Jason Lim, said.

Gartner recommends that business IT professionals follow this list of 10 practices to reduce the risk of a security breach at the hands of hackers:

  1. Restrict Network Connectivity to the Minimum Possible: Protecting XP systems is easier when other systems can't communicate to them over the network, the primary vector for attacks.

  2. Implement an Application Control Solution and Memory Protection: This can be accomplished using a dedicated solution, a host-based intrusion prevention system (IPS), or Microsoft's Group Policy object (GPO)-based software restriction policies to establish a "lockdown" posture for XP to prevent the execution of arbitrary code.

  3. Remove Administrative Rights: This should be mandatory for all remaining users on Windows XP.

  4. Address the Most Common Attack Vectors — Web Browsing and Email: Remove Web browsing and email software from XP systems, and provide these capabilities from a server-based system that is up to date.

  5. Keep the Rest of the Software Stack Updated Where Possible, Including Office: Vendors of other software solutions and versions running on these XP systems may continue support. This further minimizes the vulnerable surface area that can be attacked.

  6. Use a network or host-based IPS to Shield XP Systems from Attack: Confirm that your IPS vendor will continue to research vulnerabilities and attacks on XP and provide filters and rules to block these attacks where possible.

  7. Monitor Microsoft: Microsoft will not publicly disclose if new vulnerabilities against XP are discovered (unless you have paid for custom support). However, pay particular attention to critical vulnerabilities that affect Windows Server 2003 as these will likely impact XP.

  8. Monitor Community Chat Boards and Threat Intelligence Feeds: Third-party threat intelligence feeds are an independent source of information. Communities of interest are expected to emerge specifically for sharing information related to XP.

  9. Have a Predefined Process Ready If an XP Breach Occurs: Have a plan to isolate XP workstations in the event of an attack that gains a foothold by quarantining these systems from a network perspective until mitigating steps are understood.

  10. Perform a Cost/Benefit Analysis: The cost and resources to implement the steps above might be better spent in accelerating the migration of the remaining XP systems, or it might be simpler to pay Microsoft for custom support.
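One way to check practice 1 against firewall logs, and to feed the isolation process in practice 9, is sketched below. It is an added example, not part of Gartner's list or the original article; the host addresses, the allowlist, and the four-field log format are constructed assumptions.

```python
import ipaddress
# Constructed inventory (assumption): the XP machines still in service.
XP_HOSTS = {"10.20.0.15", "10.20.0.16"}
# Constructed allowlist (assumption): the only (src, dst, dst_port) flows they need.
ALLOWED = {("10.20.0.15", "10.20.0.5", 1433), ("10.20.0.16", "10.20.0.9", 445)}
# Constructed firewall log, one flow per line: src dst dst_port action
SAMPLE_LOG = """\
10.20.0.15 10.20.0.5 1433 ALLOW
10.20.0.15 203.0.113.7 80 ALLOW
10.30.1.44 10.20.0.16 3389 ALLOW
10.20.0.16 10.20.0.9 445 ALLOW
10.30.1.44 10.20.0.15 445 DENY
10.30.1.44 10.30.1.50 443 ALLOW
truncated record
"""

def parse_flow(line):
    """Return (src, dst, port, action), or None if the record is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    src, dst, port, action = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    if not 0 < port < 65536 or action not in ("ALLOW", "DENY"):
        return None
    return src, dst, port, action

def audit(log_text):
    """Sort flows touching XP hosts into policy violations and blocked attempts."""
    report = {"violations": [], "blocked": [], "skipped": 0}
    for line in filter(str.strip, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            report["skipped"] += 1      # count unparsable records, never hide them
        elif flow[0] in XP_HOSTS or flow[1] in XP_HOSTS:
            if flow[3] == "DENY":
                report["blocked"].append(flow[:3])
            elif flow[:3] not in ALLOWED:
                report["violations"].append(flow[:3])
    return report

def hosts_to_review(report):
    """XP hosts involved in a violation: candidates for the isolation process."""
    return sorted({ip for v in report["violations"] for ip in v[:2] if ip in XP_HOSTS})
```

Calling `audit(SAMPLE_LOG)` and passing the result to `hosts_to_review` lists the XP machines whose permitted traffic falls outside the allowlist.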
