In April of 2014, Microsoft will stop releasing any new security patches for Windows XP. “Like it or not, migrating off Windows XP is no longer optional, the clock is counting down”, says Jason Fossen, principal security consultant at Enclave Consulting LLC, published author and a noted public speaker on Microsoft security issues.
“Hackers are still actively looking for vulnerabilities within the older operating systems. As of April 2014, Microsoft will no longer release any new security patches for Windows XP,” explains Fossen. “Roughly half of all business and government computers are still running Windows XP, and the time is running out before XP’s end of life. XP vulnerabilities published after April of 2014 will be very valuable to hackers and malware designers.”
Fossen believes that older operating systems and unpatched application software such as Adobe Reader and Java are instrumental in the rise of the Advanced Persistent Threat (APT). The expert points to the recent report from Mandiant on APT1, an organised group which it links to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
According to its research, since 2006 APT1 has conducted economic espionage against 141 victims across multiple industries. The report also highlights 40 APT1 malware families that have been used in attacks. “APT attacks will exploit Microsoft operating systems and securing Windows is absolutely critical in reducing the risk of APT,” says Fossen.
Fossen stresses that the issue is not entirely the fault of Microsoft, as all operating systems eventually need to be decommissioned. However, organisations often underestimate the security risk of waiting till the last moment to migrate and cannot migrate sooner or more quickly because of budget constraints. “Newer versions of Windows provide features that help resist APT but only if correctly configured and deployed and many organisations still lack the knowledge to utilise these features in a coherent fashion,” Fossen adds.
Fossen will be teaching the new SANS SEC505: Securing Windows and Resisting Malware course, which will be making its European debut at SANS Secure Europe 2013. The SANS instructor has spent several months updating the course syllabus to reflect the arrival of new operating systems, but highlights the end of life for previous versions as a much more worrying event.
This course teaches the most important things to do to secure Windows and how to minimize the impact of these changes on users. Through hands-on demonstrations, the course teaches step-by-step exercises and offers preparation for the GIAC Certified Windows Security Administrator (GCWN) certification exam.
“As we live within a world where Advanced Persistent Threat malware is now commonplace, unsupported and vulnerable operating systems residing within a seemingly secure environment can become a breeding ground for APT. Organisations need to develop a migration strategy to get off Windows XP before April of 2014, not after.”
The Securing Windows and Resisting Malware course is fully updated for Windows Server 2012, Windows 8, Server 2008-R2, and Windows 7.
SANS Secure Europe 2013, mainland Europe’s largest InfoSec training event, will be returning to Amsterdam’s Radisson Blu Hotel from 15th to 27th of April 2013 with a roster of eight essential training courses plus free evening talks, networking opportunities and a NetWars session.