It was reported today that, according to a freedom of information response, more than £14m has been spent on upgrading Wi-Fi and video equipment across the criminal court estate since 2016 under the HM Courts & Tribunals Service reform program.
Yet despite this investment, Windows XP, Microsoft’s obsolete operating system, which is not being updated with security patches, is still in use in the criminal court estate.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Using an unsupported operating system is the equivalent of sitting on a ticking time-bomb. Lack of support means that by default, security patches will not be provided for new vulnerabilities.
WannaCry was a notable exception, where due to the severity and impact of the vulnerability, Microsoft actually did provide a patch for Windows XP even though it was no longer supported – but this should be seen as a once-off action by Microsoft rather than something that can be relied upon going forward.
As if using an unsupported OS wasn’t bad enough, there was a recent leak of the Windows XP source code only a few weeks ago. This will provide threat actors additional valuable intel for crafting new vulnerabilities and exploits – instead of having to try and figure out how to break into the bank, they now have the advantage of being able to view the architectural and electrical plans in advance.
Needless to say, the recommendation is to migrate systems onto a supported OS as a matter of urgency.