Windows XP Migration: A Practical Guide
NCC Guidelines - Volume 4 - Number 4
On 8 April 2014 Microsoft Windows XP officially reached ‘End of support’, and no further security updates or security patches will be made available. For most businesses still using Windows XP, this will be a major headache and could present some critical security challenges.
In this guide we provide information about the business issues around the use of XP, and some practical advice and guidance for managing the challenges ahead.
Put simply, the risks to most businesses and individuals still running Windows XP are as follows:
- Security updates will no longer be made available to protect XP from malicious software, spyware, data corruption, data theft or misuse by third parties or remote attackers.
- When new security exploits and security holes are discovered and fixed for other versions of Windows such as Vista, Windows 7 or 8, Windows XP will not receive any of those security patches, even if the exploit and fix would be identical for XP and for all of the other versions of Windows.
- Exploits and vulnerabilities in Internet Explorer running on XP will also remain unpatched (as Internet Explorer is treated as a closely knit component of XP).
- Other vendors are likely to remove support for other programs and applications if they are running on XP (in reality this is an opportunity for other software vendors to force end users to buy new versions of their products and blame Microsoft).
- A chain is only as strong as its weakest link. No matter how secure the rest of the computers are on your internal network, a single unpatched computer is all a remote attacker needs to gain access to the internal network and launch attacks, steal data or install malware on other computers inside the perimeter of your network.
- Knowingly ignoring the risks of running vulnerable software inside your organisation could leave you open to fines and litigation (the Data Protection Act, for example, can levy a fine of up to £500,000 per incident), or to losing the ability to process financial transactions or credit card payments electronically (PCI DSS compliance, for example).
- For publicly traded companies in the US, including all wholly owned subsidiaries and all publicly traded non-US companies doing business in the US, the Sarbanes-Oxley (SOX) legislation might also apply. SOX compliance may affect IT departments in three different ways in relation to ‘electronic records’. The first rule deals with destruction, alteration or falsification of records. The second rule defines the retention period for records storage. The third rule refers to the type of business records that need to be stored: all business records and communications, including electronic communications.