Monday, September 2, 2013

Windows XP - End of Life Risk

Microsoft has announced that Windows XP will reach end of life on April 8, 2014, which means no more critical or security updates.  Despite this, many organisations still do not have a clear plan in place for getting client computers off Windows XP before this date.

As an IT Professional I believe come April 8, 2014, companies still running Windows XP will be hit with a large spread of zero day exploit viruses - something which will go down in history.  For those of you who remember all the hype in the media regarding the Y2K bug, with the clocks ticking over to a new century and the computers no longer working - whilst there was an impact with the clocks turning over, the impact was relatively low.  However with the Windows XP end of life date, I believe this is a huge risk which can cause billions of dollars of productivity loss.  Despite this huge risk, there has been little media coverage around it.

I have just made some very big statements such as "Chaos" and "Billions of dollars of productivity loss" - now I need to explain the facts behind my beliefs.

As of this writing there are over 21 million viruses according to virus definition signatures provided by leading anti-virus companies such as Symantec Corporation.  Most of these viruses need to be executed on a workstation for infection to take effect - a virus will do nothing if the code is not executed!  Cyber criminals use numerous methods to trigger unwanted code execution, including:
  • Fake Ads and URL Links which lead to viral code executing
  • Autorun files and USB keys which automatically run on the user's workstation
  • Peer to Peer applications which spread viruses to individuals
  • Mass emailing worms which spread viral code through the use of email attachments
  • Microsoft Office files which contain macro viral code
All these methods of infection trick the user into executing, or silently execute, viral code on user workstations to install the virus.  All of them are legitimate ways of launching code on computer systems, and as a result companies can put in place measures which prevent viruses being installed, including:
  • Removing local admin rights, which ensures viruses do not have permissions to infect beyond the user's profile.
  • Disabling autorun from computers to stop USB viruses from spreading
  • Putting in place advanced spam filtering technologies to ensure viral attachments are not executed.
  • Pushing out enhanced security policies to workstations on the network.
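
The first two mitigations above can be checked per workstation with a read-only audit. The script below is an added example, not part of the original post; it assumes PowerShell 2.0 or later and an English-language build (the local group is named "Administrators"), and it only reads state.

```powershell
# Added example: read-only audit of the local machine (PowerShell 2.0 compatible).

# 1. Is this a Windows XP installation (end of life April 8, 2014)?
$os   = Get-WmiObject -Class Win32_OperatingSystem
$isXP = $os.Caption -like '*Windows XP*'

# 2. Is the current user running with local administrator rights?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 3. Who is in the local Administrators group?
#    Assumption: English group name; localized builds name it differently.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

# 4. Is autorun disabled? NoDriveTypeAutoRun is a bitmask:
#    0x04 = removable drives (USB keys), 0xFF = every drive type.
#    A value under HKLM takes precedence over HKCU, so check HKLM first.
$policyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun   = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    $prop = Get-ItemProperty -Path "$hive\$policyKey" -Name NoDriveTypeAutoRun `
                             -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $autorun = [int]$prop.NoDriveTypeAutoRun; break }
}
$autorunText      = if ($null -ne $autorun) { '0x{0:X2}' -f $autorun } else { 'not set' }
$removableBlocked = ($null -ne $autorun) -and (($autorun -band 0x04) -ne 0)
$allBlocked       = ($null -ne $autorun) -and (($autorun -band 0xFF) -eq 0xFF)

# One object per machine, ready for Export-Csv when run across a fleet.
New-Object PSObject -Property @{
    Computer               = $env:COMPUTERNAME
    OS                     = $os.Caption
    OSVersion              = $os.Version
    IsWindowsXP            = $isXP
    UserIsLocalAdmin       = $isAdmin
    LocalAdministrators    = ($members -join ', ')
    NoDriveTypeAutoRun     = $autorunText
    AutorunOffForRemovable = $removableBlocked
    AutorunOffForAllDrives = $allBlocked
}
```
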
Out of the 21 million viruses, only a handful have been known as malicious zero day exploits.  Zero day exploits are viruses which exploit an operating system vulnerability to automatically copy themselves from computer to computer over a network, providing security and anti-virus companies with zero days to prepare.  Zero day exploits generally perform Buffer Overflow attacks, creating vulnerabilities in core system services by overwriting adjacent memory blocks outside of an application's working set.  When the system goes to call code in memory, the code has been altered, and as a result it executes miscellaneous code which creates a system vulnerability to infect a machine.

The only way to stop a zero day exploit is to patch the security vulnerability in the operating system, to ensure the zero day exploit can no longer trigger the buffer overflow in the operating system/application.

Over the years there have been a number of zero day exploits which have hit, including Conficker, MS Blaster and Stuxnet - a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.  All these viruses were able to spread by performing buffer overflows to simply hop from computer to computer, bypassing corporate security measures.

Finding a zero day exploit in an operating system is a difficult task which can take months or years of testing and reverse engineering of compiled code.  Cyber criminals spend large amounts of time researching and performing trial buffer overflows until the right exploit can be identified which can trigger remote code execution.  As soon as the buffer overflow is identified, it can only be used once.  As soon as it is used IT security companies become aware and software companies such as Microsoft patch their software making the buffer overflow useless.

As a result these zero day exploits are worth a lot of money to the right buyer and there is no doubt there are many out there which have been identified but not yet been used.  This can be shown in the following article "Microsoft Said To Give Zero Day Exploits To US Government Before It Patches Them":

http://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml

With the Windows XP end of life date so close, it is unlikely we will see many zero day exploits released unless it is for a targeted purpose such as Stuxnet.  After the Windows XP end of life date I believe we will see a large number of exploits appear for Windows XP and no backing support from Microsoft.  Who knows, if I am correct and the world is hit by a large number of zero day exploit attacks against Windows XP after the end of life date, Microsoft may be forced to go back on this announcement and fix these patches.  If this happens, as for Windows XP, we may be seeing this around for years to come yet...

In summary I believe it is a huge risk to organisations to maintain Windows XP workstations after the April 8, 2014 deadline.  The best thing to protect your business is to get off Windows XP now!

It will be very interesting to see what happens...

4 comments:

  1. It begins, the first zero day exploit not patched in XP 28-04-2014:

    http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild

  3. Now it's the era of Windows 8 application development. Windows XP has been thrown into the old versions of Windows that people don't prefer now.