Met Police runs 18,000 XP machines

Force's widespread use of vulnerable OS sparks fear of more cyber attacks


More than half of London's Metropolitan Police's PCs still run the outdated Windows XP operating system, which was the subject of emergency patches to address critical hacking attacks, new figures reveal.

The force still runs 18,293 XP machines after Microsoft retired the operating system from software updates in 2014, and has updated just 14,450 to Windows 8, and a paltry eight machines to Redmond's latest OS, Windows 10.

The information was uncovered by London Assembly member Steve O'Connell, who also acts as the Greater London Authority Conservatives' spokesman for policing and crime, through a written query to Mayor of London Sadiq Khan.

"The recent cyber attacks on Parliament and the NHS show what a serious matter this is," O'Connell said. "The Met is working towards upgrading its software but in its current state it's like a fish swimming in a pool of sharks."

Advertisement - Article continues below
Advertisement - Article continues below

While Microsoft stopped issuing patches for XP three years ago, the WannaCry ransomware attackin Maythat affected NHS trusts amid other targets led the firm to push out emergency fixes to XP too, even though most NHS computers were running Windows 7.

"The recent patch issued by Microsoft and the ICO audit [of Met data protection compliance that criticised the force's use of XP] shows there is significant industry concern," O'Connell added. "It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber attack with nationwide security implications."

Continued use of XP has been widely criticised by security experts as well as by the ICO, which warned that the Met's failure to upgrade meant that the secure handling of personal data could be put at risk.

In 2015 the Met was still running XP on 35,000 computers, and interim CTO Stephen Deakin toldIT Pro that he was busy migrating mission-critical applications to Windows 8.1, from which the Met could make the jump to Windows 10, which clearly hasn't happened yet.

A 5.5 million custom support deal struck between the government and Microsoft for an extra year of support for public bodies running XP ended without being renewed, and IT Pro has asked the Met whether it has another support deal in place.

However, while the force has been making efforts to upgrade its IT estate, those upgrades could soon be outdated themselves.

Advertisement - Article continues below

Windows 8.1 reaches end-of-life in January of next year, meaning that Microsoft will cease issuing security updates, critical patches and bug fixes for the software. Unless the Met has purchased an Extended Support contract with the tech giant, its 'upgraded' PCs could be just as vulnerable as its XP-based computers in less than six months.

The Met is evidently not alone, however; a recent survey from Spiceworks revealed that more than half of businesses are running at least one instance of Windows XP within their organisation, with almost 70% of IT professionals citing a lack of future security patches as their biggest concern about using unsupported operating systems.

Patching's importance was underlined by another global ransomware outbreak currently underway in the form of Petya, which takes advantage of a Windows exploit that has been patched, but not everyone has updated their software to include the fix.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020