Met Police runs 18,000 XP machines

Force's widespread use of vulnerable OS sparks fear of more cyber attacks


More than half of London's Metropolitan Police's PCs still run the outdated Windows XP operating system, which was the subject of emergency patches to address critical hacking attacks, new figures reveal.

The force still runs 18,293 XP machines after Microsoft retired the operating system from software updates in 2014, and has updated just 14,450 to Windows 8, and a paltry eight machines to Redmond's latest OS, Windows 10.

Advertisement - Article continues below

The information was uncovered by London Assembly member Steve O'Connell, who also acts as the Greater London Authority Conservatives' spokesman for policing and crime, through a written query to Mayor of London Sadiq Khan.

"The recent cyber attacks on Parliament and the NHS show what a serious matter this is," O'Connell said. "The Met is working towards upgrading its software but in its current state it's like a fish swimming in a pool of sharks."

While Microsoft stopped issuing patches for XP three years ago, the WannaCry ransomware attackin Maythat affected NHS trusts amid other targets led the firm to push out emergency fixes to XP too, even though most NHS computers were running Windows 7.

"The recent patch issued by Microsoft and the ICO audit [of Met data protection compliance that criticised the force's use of XP] shows there is significant industry concern," O'Connell added. "It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber attack with nationwide security implications."

Advertisement - Article continues below
Advertisement - Article continues below

Continued use of XP has been widely criticised by security experts as well as by the ICO, which warned that the Met's failure to upgrade meant that the secure handling of personal data could be put at risk.

In 2015 the Met was still running XP on 35,000 computers, and interim CTO Stephen Deakin toldIT Pro that he was busy migrating mission-critical applications to Windows 8.1, from which the Met could make the jump to Windows 10, which clearly hasn't happened yet.

A 5.5 million custom support deal struck between the government and Microsoft for an extra year of support for public bodies running XP ended without being renewed, and IT Pro has asked the Met whether it has another support deal in place.

However, while the force has been making efforts to upgrade its IT estate, those upgrades could soon be outdated themselves.

Windows 8.1 reaches end-of-life in January of next year, meaning that Microsoft will cease issuing security updates, critical patches and bug fixes for the software. Unless the Met has purchased an Extended Support contract with the tech giant, its 'upgraded' PCs could be just as vulnerable as its XP-based computers in less than six months.

Advertisement - Article continues below

The Met is evidently not alone, however; a recent survey from Spiceworks revealed that more than half of businesses are running at least one instance of Windows XP within their organisation, with almost 70% of IT professionals citing a lack of future security patches as their biggest concern about using unsupported operating systems.

Patching's importance was underlined by another global ransomware outbreak currently underway in the form of Petya, which takes advantage of a Windows exploit that has been patched, but not everyone has updated their software to include the fix.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020