Patch Tuesday set to become Hack Tuesday

Tuesday, May 13 will mark a big day for the new Microsoft when it releases its first patches since XP’s death. IT and hackers alike will be watching closely. 

Technically, XP has been vulnerable to attack since support ended in April. Hackers have been free to poke around for vulnerabilities to the system, confident it wouldn’t be getting any more security updates.

(OK … so it got one off-cycle update that went out to every version of Windows.)

But that’s a low-reward proposition. While hackers could poke around for weaknesses that haven’t been discovered in the last decade of XP support, the chances of finding serious ones wasn’t too great.

Windows patches will open the door

Instead, hackers were likely waiting for tomorrow when Microsoft releases its monthly Patch Tuesday updates.

Included in these updates will be fixes for Windows 7 and 8. And chances are, the vulnerabilities those address will also affect Windows XP.

So rather than hunting for new flaws, all attackers have to do is wait to see what gets fixed on the newer versions and then see if the same attacks work on older ones.

Every month from here on out will only make XP more susceptible to attack.

Get (everyone) off Windows XP

Most companies are entirely off XP. But many likely have holdouts among their users.

If you have any users who work from home occasionally using a personal device (hint: you probably do), then these users are opening you up to attack.

IT would be wise to find out what the exposure is. Survey users to find which OS they’re running, and what version they’re on. Include both home and work (and mobile devices, too, if that’s a concern for your workplace).

Then explain the risks of continuing to use outdated OSs. It’s one thing for users to hear the news that XP support has ended. But if they don’t see any changes to the way they use their computers, they’re not likely to pay attention.

And, of course, if your organization is continuing to support XP, it’s past time for a succession plan. Any further delays only compound the risk.