Met Police runs 18,000 XP machines

Force's widespread use of vulnerable OS sparks fear of more cyber attacks

Police

More than half of London's Metropolitan Police's PCs still run the outdated Windows XP operating system, which was the subject of emergency patches to address critical hacking attacks, new figures reveal.

The force still runs 18,293 XP machines after Microsoft retired the operating system from software updates in 2014, and has updated just 14,450 to Windows 8, and a paltry eight machines to Redmond's latest OS, Windows 10.

The information was uncovered by London Assembly member Steve O'Connell, who also acts as the Greater London Authority Conservatives' spokesman for policing and crime, through a written query to Mayor of London Sadiq Khan.

"The recent cyber attacks on Parliament and the NHS show what a serious matter this is," O'Connell said. "The Met is working towards upgrading its software but in its current state it's like a fish swimming in a pool of sharks."

While Microsoft stopped issuing patches for XP three years ago, the WannaCry ransomware attackin Maythat affected NHS trusts amid other targets led the firm to push out emergency fixes to XP too, even though most NHS computers were running Windows 7.

"The recent patch issued by Microsoft and the ICO audit [of Met data protection compliance that criticised the force's use of XP] shows there is significant industry concern," O'Connell added. "It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber attack with nationwide security implications."

Continued use of XP has been widely criticised by security experts as well as by the ICO, which warned that the Met's failure to upgrade meant that the secure handling of personal data could be put at risk.

In 2015 the Met was still running XP on 35,000 computers, and interim CTO Stephen Deakin toldIT Pro that he was busy migrating mission-critical applications to Windows 8.1, from which the Met could make the jump to Windows 10, which clearly hasn't happened yet.

A 5.5 million custom support deal struck between the government and Microsoft for an extra year of support for public bodies running XP ended without being renewed, and IT Pro has asked the Met whether it has another support deal in place.

However, while the force has been making efforts to upgrade its IT estate, those upgrades could soon be outdated themselves.

Windows 8.1 reaches end-of-life in January of next year, meaning that Microsoft will cease issuing security updates, critical patches and bug fixes for the software. Unless the Met has purchased an Extended Support contract with the tech giant, its 'upgraded' PCs could be just as vulnerable as its XP-based computers in less than six months.

The Met is evidently not alone, however; a recent survey from Spiceworks revealed that more than half of businesses are running at least one instance of Windows XP within their organisation, with almost 70% of IT professionals citing a lack of future security patches as their biggest concern about using unsupported operating systems.

Patching's importance was underlined by another global ransomware outbreak currently underway in the form of Petya, which takes advantage of a Windows exploit that has been patched, but not everyone has updated their software to include the fix.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021
150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
Can Pat Gelsinger get Intel back on track?
chief executive officer (CEO)

Can Pat Gelsinger get Intel back on track?

13 Jan 2021