Migrate off of Windows XP: a new Internet Explorer exploit
A new wave of targeted attacks against serious vulnerabilities in Internet Explorer has exposed the increased risk facing organizations still clinging to Windows XP (the ten-year-old operating system that Microsoft stopped supporting this month). To that point, Microsoft issued a security advisory on Sunday, warning that every supported version of Internet Explorer is impacted by the vulnerabilities. One thing is almost a certainty: Windows XP users won't likely receive the critical updates from Microsoft.
Microsoft has explained for a few years now why you need to move off of XP: these kinds of vulnerabilities are going to continue to exist, and if you're running an unsupported operating system you are going to be increasingly exposed to more threats over time. Unfortunately, businesses continue to cling to Microsoft Windows XP and, despite declining numbers, ANP still sees an estimated 10 percent of businesses with systems running the retired operating system. I believe it's security events like these that give IT management some additional ammunition to show there is some risky exposure to the business. I often see it's difficult for IT to get the business to spend money on an operating system upgrade unless the owner sees tangible benefits. This should be a red flag for the business owner! It's an example of what is going to happen continually over the next two to three years if businesses don't upgrade and retire Windows XP.
A few months ago ANP suggested a mixture of application whitelisting, network VLAN segmentation and other measures to restrict Windows XP systems that are still in production within your company and isolate them from critical parts of your network, such as your server farm. Businesses also need to proactively monitor their networks to ensure that architecture changes don't introduce a way for attackers and viruses to move from one network segment to another.
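One way to automate the monitoring described above, as an added example that is not ANP's own tooling: it scans flow-log records and reports any permitted traffic between the isolated XP VLAN and the server farm that is not on an approved exception list. The subnets, the exception entry and the `time,src,dst,dport,action` log format are assumptions constructed for illustration.

```python
import csv
import ipaddress
from io import StringIO

# Assumed addressing plan (constructed for this example).
XP_VLAN = ipaddress.ip_network("10.20.30.0/24")      # isolated Windows XP hosts
SERVER_FARM = ipaddress.ip_network("10.10.0.0/24")   # critical servers
# Explicitly approved exceptions: (XP host, server, destination port).
ALLOWED = {("10.20.30.15", "10.10.0.40", 443)}

# Constructed flow-log sample: time,src,dst,dport,action
SAMPLE_FLOWS = """\
2014-04-28T09:00:01,10.20.30.15,10.10.0.40,443,permit
2014-04-28T09:00:07,10.20.30.22,10.10.0.12,445,permit
2014-04-28T09:00:09,10.20.30.22,10.10.0.12,3389,deny
2014-04-28T09:01:30,10.10.0.12,10.20.30.22,139,permit
2014-04-28T09:02:11,10.30.1.5,10.10.0.12,445,permit
2014-04-28T09:02:40,10.20.30.22,not-an-ip,80,permit
"""

def find_violations(flow_text):
    """Return permitted flows that cross the XP/server-farm boundary
    in either direction and are not on the approved exception list."""
    violations = []
    for row in csv.reader(StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip malformed lines
        ts, src, dst, dport, action = (f.strip() for f in row)
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if action != "permit":
            continue  # blocked traffic means the segmentation held
        xp_to_srv = s in XP_VLAN and d in SERVER_FARM
        srv_to_xp = s in SERVER_FARM and d in XP_VLAN
        if not (xp_to_srv or srv_to_xp):
            continue  # flow does not touch both segments
        if xp_to_srv and (src, dst, port) in ALLOWED:
            continue  # approved exception
        violations.append((ts, src, dst, port))
    return violations

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("segmentation violation:", *v)
```

Run on a schedule against exported firewall or NetFlow records, a non-empty result indicates that a rule or routing change has opened a path between the two segments.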
All users, including those still running Windows XP, need to consider an alternate browser to effectively negate the specific attack. I personally prefer Google Chrome to Internet Explorer and use it on my PCs and Macs, but there are other browser alternatives, such as Mozilla Firefox. On Sunday Microsoft was suggesting deploying their Enhanced Mitigation Experience Toolkit, and although it is a good solution, it's a huge amount of deployment work, plus care and feeding of the application to continue to get the benefit it can provide. I keep asking myself, why bother with these expensive, difficult and time-consuming workaround solutions? Why not either upgrade your XP machines to Windows 7 or, if the machine is really old (greater than 5 years), simply replace it with a new OEM version of Windows 7 on a new PC?
Please let me know if we can help you in any way with mitigating Windows XP issues.