With official support for Windows XP set to end on April 8th, what are the biggest security fears and what should users do about it?
From an enterprise protection perspective, the fears of retaining usage of Windows XP are paramount. I will get back to that, but first let me say that from a private perspective, as a user of the Internet in today´s Internet of Things, Windows XP will remain a security and privacy nightmare. XP home PC’s will be turned into a mass-market for bots and privacy surveillance on a scope never seen before.
Back to the enterprise perspective. In all probability, A black-hat hacker or APT actor worth their money is probably right now sitting on at least 1, possibly many, 0day vulnerabilities for exploiting Windows XP. With the current time-gap between infection and detection, this means they are stockpiling ammunition to begin the world’s biggest ever hack-it-all campaign.
What will this mean for enterprises? There will be loss of data, for sure. Abuse of IT infrastructure to either spy, or even to use a springboard for compromising trusted partners, and this is even worse in my opinion. Some companies “white list” emails from trusted partners/users, so if you gain access to send emails to valuable targets from trusted partners, you might potentially circumvent the entire defenses of a company. Other potential consequences can be, among others, financial loss due to abuse of bank account access, spam-sending with potential IP blacklisting.
The bottom line is that for each of these 0days, no security patches will be forthcoming, so unless you take other steps to mitigate the risk of retaining enterprise use of Windows XP, you will be painting a big red X on your Intellectual Property and company.
Claus Cramon Houmann | IT Security Consultant | @ClausHoumann
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.