A few weeks ago we posted a blog offering some stop-gap measures for customers to minimize the risk of their now-unsupported Windows XP devices until they can upgrade.
TechRepublic recently wrote an article stating that Windows XP posed an even larger threat than Heartbleed. Why? They explain it this way:
“Just as Y2K was a specific event, Heartbleed was just one vulnerability. It was identified, a patch was developed, and the world was put on notice. Now, we can move on. It was an isolated moment in time.
Windows XP, on the other hand, is now a permanent, ongoing ‘zero day’ vulnerability. If attackers are smart and stealthy, we may not even know how many vulnerabilities are discovered in Windows XP from this point on — or how critical they are. There won’t be any more patches or updates, so it’s permanently at risk.”
TechTarget published a helpful primer, “An Enterprise Guide to Windows XP Security After End of Updates for XP.” This guide contains useful resources for IT professionals who are creating a migration plan from XP:
Windows XP end-of-life triage: XP security tactics
A Windows XP migration can’t happen overnight, and many organizations find themselves having to secure XP in the interim, without XP updates from Microsoft. Is it even possible? While experts advise transitioning as soon as possible, this advice can help limit the risk until the migration is complete.
Whether your organization is fast-forwarding to its Windows XP upgrade or is already working on the transition, check out SearchSecurity’s best advice on making the business case, choosing which OS to upgrade to and ensuring the process is as smooth as possible.
The bottom line? Implement compensating controls to minimize your risk while you create an execute a plan to migrate off of Windows XP.