Microsoft has announced that Windows XP will reach end of life on April 8, 2014, which means no more critical or security updates. Despite this, many organisations still do not have a clear plan in place for how to get client computers off Windows XP before this date.
As an IT Professional I believe that come April 8, 2014, companies still running Windows XP will be hit with a large spread of zero day exploit viruses - something which will go down in history. For those of you who remember all the hype in the media regarding the Y2K bug, with the clocks ticking over to a new century and computers no longer working: whilst there was an impact when the clocks turned over, that impact was relatively low. With the Windows XP end of life date, however, I believe there is a huge risk which can cause billions of dollars of productivity loss. Despite this huge risk, there has been little media coverage of it.
I have just made some very big statements such as "Chaos" and "Billions of dollars of productivity loss" - now I need to explain the facts behind my beliefs.
As of this writing there are over 21 million viruses, according to the virus definition signatures provided by leading anti-virus companies such as Symantec Corporation. Most of these viruses need to be executed on a workstation for infection to take effect - a virus will do nothing if its code is not executed! Cyber criminals use numerous methods to trigger the execution of unwanted viral code, including:
- Fake Ads and URL Links which lead to viral code executing
- Autorun files and USB keys which automatically run on the users workstation
- Peer to Peer applications which spread viruses to individuals
- Mass emailing worms which spread viral code through the use of email attachments
- Microsoft Office files which contain macro virus code
All these methods of infection either trick the user into running viral code or execute it silently on the workstation in order to install the virus. Because all of these are legitimate ways of launching code on computer systems, companies can put in place measures which prevent viruses from being installed, including:
- Removing local admin rights, which ensures viruses do not have permission to infect beyond the user's profile.
- Disabling autorun from computers to stop USB viruses from spreading
- Putting in place advanced spam filtering technologies to ensure viral attachments are not executed.
- Pushing out enhanced security policies to workstations on the network.
Out of the 21 million viruses, only a handful have been known as malicious zero day exploits. Zero day exploits are viruses which exploit an operating system vulnerability to automatically copy themselves from computer to computer over a network, giving security and anti-virus companies zero days to prepare. Zero day exploits generally perform buffer overflow attacks, creating vulnerabilities in core system services by overwriting adjacent memory blocks outside of an application's working set. When the system goes to call code in memory, that code has been altered, and as a result it executes arbitrary code, which gives the virus a way to infect the machine.
The only way to stop a zero day exploit is to patch the security vulnerability in the operating system or application, so that the zero day exploit can no longer buffer overflow it.
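The mechanism described above, as an added C illustration that is not part of the original post: a fixed-size buffer in a "service" filled from client-supplied input with no length check, beside the bounded version that a patch for such a defect typically introduces. The request layout, the NAME_MAX size and the function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from the original post. A tiny "network
 * service" copies a client-supplied name into a fixed buffer; the unsafe
 * pattern the post describes is shown beside a bounded replacement. */

#define NAME_MAX 16          /* assumed size reserved for the name */

struct request {
    char name[NAME_MAX];
    int  privileged;         /* adjacent memory an overflow would overwrite */
};

/* Vulnerable form: strcpy trusts whatever length the sender chose. A name of
 * NAME_MAX bytes or more runs past 'name' into 'privileged' and beyond.
 * Shown only to illustrate the defect; never call it with untrusted input. */
void handle_request_unsafe(struct request *r, const char *wire_name) {
    r->privileged = 0;
    strcpy(r->name, wire_name);
}

/* Hardened form: measure the input without reading past NAME_MAX, reject
 * anything that would not fit together with its terminating NUL, and copy
 * only the validated length. Returns 0 on success, -1 when rejected. */
int handle_request_safe(struct request *r, const char *wire_name) {
    size_t len = 0;
    while (len < NAME_MAX && wire_name[len] != '\0')
        len++;                          /* bounded scan, no strlen on raw input */
    r->privileged = 0;
    if (len >= NAME_MAX) {
        r->name[0] = '\0';              /* leave a well-defined empty name */
        return -1;                      /* too long: drop the request */
    }
    memcpy(r->name, wire_name, len + 1); /* len + 1 copies the NUL too */
    return 0;
}

int main(void) {
    struct request r;
    /* Constructed sample input: a name twice the size of the buffer. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    if (handle_request_safe(&r, "client01") == 0)
        printf("accepted name: %s\n", r.name);
    if (handle_request_safe(&r, oversized) != 0)
        printf("rejected oversized name; privileged is still %d\n", r.privileged);
    return 0;
}
```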
Over the years there have been a number of zero day exploits which have hit, including:
- Conficker
- MS Blaster
- Stuxnet - a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.
All these viruses were able to spread by performing buffer overflows to simply hop from computer to computer, bypassing corporate security measures.
Finding a zero day exploit in an operating system is a difficult task which can take months or years of testing and reverse engineering of compiled code. Cyber criminals spend large amounts of time researching and performing trial buffer overflows until the right exploit, one which can trigger remote code execution, is identified. Once identified, a buffer overflow can effectively only be used once: as soon as it is used, IT security companies become aware of it and software companies such as Microsoft patch their software, making the buffer overflow useless.
As a result these zero day exploits are worth a lot of money to the right buyer, and there is no doubt there are many out there which have been identified but not yet used. This is illustrated by the following article, "Microsoft Said To Give Zero Day Exploits To US Government Before It Patches Them":
http://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml
With the Windows XP end of life date so close, it is unlikely we will see many zero day exploits released unless it is for a targeted purpose such as Stuxnet. After the Windows XP end of life date, I believe we will see a large number of exploits appear for Windows XP with no backing support from Microsoft. Who knows - if I am correct and the world is hit by a large number of zero day exploit attacks against Windows XP after the end of life date, Microsoft may be forced to go back on this announcement and release patches for them. If this happens, we may be seeing Windows XP around for years to come yet...
In summary I believe it is a huge risk to organisations to maintain Windows XP workstations after the April 8, 2014 deadline. The best thing to protect your business is to get off Windows XP now!
It will be very interesting to see what happens...