Microsoft warns of Windows XP zero day vulnerability

Redmond urges businesses to migrate to Windows 7 or 8 to avoid zero-day flaw.

Microsoft continues to urge Windows XP users to upgrade to either Windows 7 or Windows 8 before support for the older operating system ends in 2014.

When support for Windows XP ends in April 2014, systems running the OS will effectively have a 'zero day' vulnerability forever, warned Tim Rains, a director of Microsoft's Trustworthy Computing group.

"When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update," Rains noted in a blog post entitled 'The risk of running Windows XP after support ends April 2014'.

"But after April 8, 2014, organizations that continue to run Windows XP won't have this advantage over attackers any longer."

Rains claimed that as soon as the first security package is released after XP support ends, hackers will reverse engineer its updates and attempt to apply them to the older operating system.

"Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a 'zero day' vulnerability forever," he said.

"As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago. But ... the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see," Rains added.

Microsoft began a countdown for the end of Windows XP support in July 2011. With one year to go before the end of support, on 8 April 2013, the company also warned 600 million PC users would be at serious risk if they did not upgrade to a more recent operating system.

However, analyst house Ovum said users should not feel pressured to upgrade to Windows 7 or 8.

"If we assume that Windows XP systems have the latest patches, fixes and up-to-date security software installed ... there is no reason to believe that life after [April 2014] will be any different than before," Richard Edwards, principal analyst at Ovum, said.

Nevertheless, Rains concluded his blog post by warning "organisations need a level of certainty about the integrity of their systems. Minimising the number of systems running unsupported operating systems is helpful in achieving that".
