Some 10 percent of all government computers still will be running Microsoft’s (MSFT) Windows XP after the April 8 technical support end date, leaving hundreds of thousands of agency systems—many holding sensitive information—open to attacks from cyber intruders.
The Washington Post reported that estimates of Windows XP machines run as high as 10 percent of government computers out of what was described as “several million,” including systems operating on top secret military and diplomatic networks housing highly sensitive material. They will be partly defenseless against attacks once Microsoft no longer produces fixes or provides technical assistance to support the XP operating system.
The report, citing security experts, said cybercriminals are aware of XP’s weaknesses and are ready to kick attacks into high gear.
The Post reported that federal agency officials asked Microsoft to extend support beyond the April 8 deadline, but the vendor refused and countered with a proposal that the government purchase custom, extended warranties for the OS, an option the feds declined.
“For all the money we collectively give Microsoft, they were not too receptive to extending the deadline,” said an unnamed State Department official quoted by The Post. “There was some grumbling that they were not willing to extend.”
The next and last Patch Tuesday to include XP security fixes falls on the April 8 end-of-support date. On March 11, Microsoft released five security updates to users, four of which affected Windows XP users. Microsoft has admitted that no longer shipping patches for XP’s known security vulnerabilities could expose millions of users still deploying the platform to a heightened level of hacker attacks.
"After April , when we release monthly security updates for supported versions of Windows, attackers will try and reverse-engineer them to identify any vulnerabilities that also exist in Windows XP," Tim Rains, Microsoft Trustworthy Computing group director, recently said. "If they succeed, attackers will have the capability to develop exploit code to take advantage of them."
Microsoft typically supports its earlier OS versions for 10 years, but Windows XP’s massive installed base may have prompted the vendor to extend security and technical support well beyond its standard cutoff date. The 12-year-old XP OS predates Windows 7, Windows 8 and Windows 8.1. Even at this point, Windows XP still commands a 29 percent share of installed operating systems worldwide, with Windows 7 leading the market at a 48 percent share—more than four times the combined portions of Windows 8 and Windows 8.1, according to NetMarketShare’s Q1 2014 data to date.
The Post said that tight budgets and a lack of interagency coordination have hampered the government’s transition from XP. The Department of Homeland Security (DHS) and the White House’s Office of Management and Budget (OMB) are responsible for enacting the OS upgrade and reportedly have had a transition plan in place for nearly two years.
DHS reportedly said it will move all of its computers off XP by April 8, but the Department of Defense (DoD) and State Department said the expectation was to upgrade more than 75 percent of its estimated 230,000 systems by the cutoff date.