Tonight will be the last round updates for Windows XP ever. It will now be trivially easy to take advantage of security flaws in Windows XP. See our previous post about upgrading.
The operating system is now 12 years old, so Microsoft is no longer providing security updates that patch holes in the software. The danger now is that hackers who find bugs in XP will be able to exploit them freely.
Windows XP isn’t just running on the dusty, discarded PC in your closet. It’s everywhere, threatening devices that store sensitive information and computers that keep the city lights on and water running.
An estimated 95% of bank ATMs run on XP. GE (GE, Fortune 500) Intelligent Platforms, which sells industrial software, discovered 75% of its utility customers still use it. Cybersecurity provider Cylance says one of its clients is a major hospital where XP is still on more than 100,000 devices, including computers that hold patient records.
“It’s literally everywhere still,” said Cylance chief scientist Ryan Permeh. “Every point that’s running XP is ripe for worms. They haven’t been much of a common occurrence in modern times, but any new vulnerability could result in mass infection with very little remediation.”
That includes point-of-sale systems at about 30% of retail stores, according to Greg Rosenberg, a security engineer at Trustwave. That lowers the bar to recreate the massive Target hack that happened late last year.
So, what do you do? It’s simple. Upgrade.
The best strategy is to use an operating system that still receives updates from Microsoft (MSFT, Fortune 500). For that, loading your computer with Windows 7 or Windows 8 will do. You’re better off with Windows 8, because Microsoft plans to keep supporting it until 2023.
If you’ve been holding off because of Windows 8’s missing start button, have no fear. Microsoft is adding that feature in the next update. Plus, the company is giving away $100 in credits for new PCs.
If that isn’t reason enough, try this: Windows XP computers are already six times more likely to get infected, by Microsoft’s account.