How Microsoft will help Hackers attack Windows XP

Yesterday was Patch Tuesday, as usual Microsoft released a series of monthly security patches for its software.

Microsoft Security Bulletin Summary for February 2014.

Most notable in February's patch list, are the several 'Critical' patches, which resolve Remote Code Execution vulnerabilities in all versions of Microsoft Windows. This includes a specific security patch download for Microsoft Windows XP systems, demonstrating Windows XP vulnerabilities still keep on coming, but there is another really interesting point with these monthly Microsoft Security Bulletin announcements, which is they will aid hackers in attacking the Windows XP operating system.

How Microsoft will help Hackers attack Windows XP
Post 8th April 2014, Microsoft will be advertising to hackers a list of Windows XP vulnerabilities which will remain unpatched. As every time Microsoft announce fixes for newly discovered vulnerabilities within multiple versions of Windows operating systems, as Microsoft did yesterday, they will be in effect listing these new vulnerabilities are present and will remain unpatched on Windows XP indefinitely. We can expect new XP vulnerabilities to be targeted given the huge number of XP machines still in circulation worldwide, which are in the hundreds of millions according to many recent surveys.

Why this is a problem for non-XP usersThose of us not running XP should not be too smug about this, as the end of Windows XP security patching is grave concern for everyone. More compromised Windows XP systems equates to their usage in targeting everyone, regardless of operating system. Compromised systems are often placed into large botnets of devices, allowing the bad guys to systematically direct phishing attacks, send spam and conduct DDoS attacks.

Does Microsoft have a moral duty to carry on patching XP?
So given this, does Microsoft have a moral and security responsibility to keep on patching Windows XP post April? On the one hand I understand their commercial aspect and the advantage of standardising on less versions, however on the other hand given the mass numbers of Windows XP systems still in use, I think Microsoft does have a moral duty to keep on security patching Windows XP after April, and play its part in protecting everyone.

UK Government Windows XP AdviceThe UK government recently released its Window XP advice to UK organisations. This CESG guidance urges the retirement of WIndows XP and Office 2003 before 8th April 2014, but provides some short-term mitigation advice for organisations that will struggle to meet the deadline.

CESG Windows XP End of Support: Reducing Risk During Migration