Wednesday, July 23rd, 2014
How To Mitigate Windows XP Security Risks
Microsoft stopped supporting Windows XP on April 8, 2014, which meant no more security updates, non-security hotfixes, free assisted support options or online technical content for Windows XP users. Without doubt, this can have serious consequences for companies that still run Windows XP. But what are the major risks that companies still using Windows XP face, and how can those risks be mitigated?
Increased Attacks
When support ended in April, the number of infections increased by 66%, leaving Windows XP exposed to attackers who find vulnerabilities by reverse-engineering security updates for newer versions. This way they can discover precisely where a weakness is and how the vendor repaired it.
Browser Risks
Users who still use XP are left behind because IE8 is the last version of Internet Explorer® (IE) compatible with the platform. One solution is to use alternative browsers, but this may pose threats, too, due to browser exploits.
Vulnerable Endpoints
Another potential security danger is that vulnerable endpoints are used as launch pads for next-generation malware that outdated systems like XP might find difficult to handle. Any PC running XP is a major weak spot, leaving the system exposed to highly targeted attacks that use software exploits to get in.
Business Costs and Consequences
Users who prefer not to switch to Windows 7 are familiar with the interface and know the platform inside out. However, this can cause unpredictable costs to businesses. The financial cost of maintaining Windows XP after support ended is rising because companies have to pay for custom support services. Administering, managing and using Windows XP systems is also significantly more expensive than doing the same for Windows 7. In terms of time and the costs that come with it, handling operational Windows XP system activities takes up a lot of resources, which inhibits business continuity.
For companies that are still using their Windows XP systems, we recommend an additional layer of protection that stops unwanted malicious applications on endpoints, like Trend Micro OfficeScan.
We still, however, advise users to upgrade to the newest Windows OS version.
Here are a few tips that help companies avoid future problems:
- Virtualise your Windows XP environment to have an additional layer of protection and more efficient management.
- Use an RODC (Read-Only Domain Controller) running Windows Server 2008, 2008 R2, 2012 or 2012 R2 on the Windows XP LAN. We recommend placing the domain controller on the same LAN switch as the Windows XP systems, so that they can be managed remotely more effectively without causing problems for the security of the entire network.
- Windows XP machines should not communicate outside the internal network. If they must, a web proxy or an application-layer firewall should be used. Updates to third-party software should be done manually if needed.
- Companies should use alternate browsers.
- When new vulnerabilities are announced, patches are no longer released because of EOL (End of Life), which makes it easy for exploits to target those vulnerabilities. Virtual patching is the answer here. Virtual patching shields vulnerabilities in critical systems and serves as permanent protection for EOL or unpatchable systems. Solutions like Trend Micro Deep Security’s virtual patching help organisations save money by preventing system downtime, as well as by reducing the risk of breach disclosure expenses.
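One way to verify the third tip, that Windows XP machines reach the outside world only through the proxy, is to audit perimeter flow logs. This is an added example, not part of the original article; the XP inventory, the proxy address and the log format (`timestamp src dst dport action`) are assumptions, and the log lines are constructed.

```python
import ipaddress

# Hypothetical values, not from the article: XP inventory and proxy address.
XP_HOSTS = {"10.20.0.11", "10.20.0.12"}
PROXY = ipaddress.ip_address("10.20.0.250")
# RFC 1918 ranges count as "internal" here.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow log: "timestamp src dst dport action"
SAMPLE_LOG = """\
2014-07-23T09:00:01 10.20.0.11 10.20.0.250 8080 ALLOW
2014-07-23T09:00:05 10.20.0.11 203.0.113.7 80 ALLOW
2014-07-23T09:00:09 10.20.0.12 10.20.0.5 445 ALLOW
2014-07-23T09:01:00 10.20.0.12 198.51.100.20 443 DENY
2014-07-23T09:02:00 10.20.0.40 203.0.113.7 443 ALLOW
malformed line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def audit(log_text):
    """Return (findings, skipped): XP flows that bypass the proxy, and unparsable lines."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, dst, dport, action = parts
            ipaddress.ip_address(src)          # validate source address
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            skipped += 1                       # count bad lines, never hide them
            continue
        if src not in XP_HOSTS or dst_ip == PROXY or is_internal(dst_ip):
            continue                           # not XP, or an allowed destination
        # An allowed direct flow means the egress rule is missing or too loose;
        # a denied one means the rule works but the host is trying to get out.
        severity = "VIOLATION" if action == "ALLOW" else "blocked-attempt"
        findings.append((severity, ts, src, dst, port))
    return findings, skipped

if __name__ == "__main__":
    results, bad = audit(SAMPLE_LOG)
    for finding in results:
        print(*finding)
    print("unparsable lines:", bad)
```

A `VIOLATION` entry points to a firewall rule to fix; a `blocked-attempt` entry points to an XP host worth inspecting.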
In this modern age of technology, attacking organisations is becoming simpler and simpler, and the attacks cause massive damage. We always recommend that users run vulnerability scans regularly (once a quarter) to check for breaches and stop unidentified threats from attacking their entire network.
You’ve got XP? Get the Trend Micro 30-day free trial and protect it from vulnerabilities and attacks.