{"id":1395,"date":"2013-09-20T11:19:51","date_gmt":"2013-09-20T17:19:51","guid":{"rendered":"http:\/\/wp.natsci.colostate.edu\/cnsit\/?p=1395"},"modified":"2020-12-07T12:36:29","modified_gmt":"2020-12-07T19:36:29","slug":"windows-xp-office-2003-end-of-microsoft-support","status":"publish","type":"post","link":"https:\/\/cnsit.colostate.edu\/kb\/windows-xp-office-2003-end-of-microsoft-support\/","title":{"rendered":"Windows XP, Office 2003 : End of Microsoft Support"},"content":{"rendered":"<p>As you may be aware, support for <b>Windows XP <\/b>(and <strong>Office 2003<\/strong>) will end on <b>April 8, 2014 (<\/b><a href=\"http:\/\/www.microsoft.com\/en-us\/windows\/endofsupport.aspx\">more info here<\/a>).\u00a0 This carries significant risks to CSU due to the potential of having a non-supported operating system in the environment and additional risks of which your Microsoft team feels compelled to make you aware, including:<\/p>\n<ul>\n<li>Security and compliance risk of running an unsupported OS (no more security patches)<\/li>\n<li>No support in the event of critical XP support issues<\/li>\n<li>Inability to run latest versions of Microsoft Office as well as 3rd party applications<\/li>\n<li>Potential for license compliance risks related to downgrade rights<\/li>\n<li>Potential security breaches of student information<\/li>\n<\/ul>\n<p><b>What does End of Support mean to customers?<\/b><\/p>\n<p>After April 8, 2014, there will be <b>no new security updates<\/b>, non-security hotfixes, free or paid assisted support options or online technical content updates for Windows XP or Office 2003.<\/p>\n<p><b>Running Windows XP SP3 or Office 2003 in your environment after their end of support date may expose your company to potential risks. <\/b>You can find additional information about the risks of staying on Windows XP below, but I\u2019d like to call out some <b>alarming data points<\/b>:<\/p>\n<p><a href=\"http:\/\/www.welivesecurity.com\/2013\/08\/13\/cybercriminals-saving-up-wave-of-windows-xp-attacks-for-when-microsoft-stops-support\/\"><b>Cybercriminals \u201csaving up\u201d wave of Windows XP attacks for when Microsoft stops support\u201d<\/b><\/a><\/p>\n<p>According to this article, many security experts are reporting that \u201cCybercriminals will unleash a wave of \u2018zero-day\u2019 vulnerabilities to attack Windows XP machines after April 8, 2014\u2026.Criminals will \u2018sit on\u2019 such vulnerabilities until that date to make more money from their exploits.\u201d<\/p>\n<p><b>The Risk of Running Windows XP After Support Ends April 2014<\/b><b>:<\/b><\/p>\n<p>This recently Published Microsoft\u2019s Security Blog outlines the reasons that Windows XP will become significantly more vulnerable after April 8<sup>th<\/sup> 2014:<\/p>\n<p>\u201cThe very first month that Microsoft releases security updates for supported versions of Windows [After April 8, 2014], attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.\u00a0 If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.\u00a0 Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a \u201czero day\u201d vulnerability forever.\u00a0 How often could this scenario occur?\u00a0 Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.<\/p>\n<p><b>Additional risks of Running Windows XP beyond April 8<\/b><b><sup>th<\/sup> 2014:<\/b><\/p>\n<ul>\n<li><b>Security &amp; Compliance Risks: <\/b>Unsupported and unpatched environments are vulnerable to security risks. This may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications, and\/or public notification of the organization\u2019s inability to maintain its systems and customer information.<br \/>\n<a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/ee623029.aspx\">The Microsoft Payment Card Industry Data Security Standard Compliance Planning Guide<\/a> is designed to help organizations address the requirements of version 1.2 of this standard using Microsoft products and technologies. This guide is intended to extend the IT Compliance Management Guide, which introduces a framework\u2013based approach to creating IT controls as part of your organization\u2019s efforts to comply with multiple regulations and standards.<\/li>\n<li><b>Lack of Independent Software Vendor (ISV) &amp; Hardware Manufacturers support: <\/b>A recent industry report from Gartner Research suggests &#8220;many independent software vendors (ISVs) are unlikely to support new versions of applications on Windows XP in 2011; in 2012, it will become common.&#8221; And it may stifle access to hardware innovation: Gartner Research further notes that in 2012, most PC hardware manufacturers will stop supporting Windows XP on the majority of their new PC models.<\/li>\n<li><b>Windows XP not supported for Office 2013:<\/b>\u00a0 If your organization is planning to use Office 365 or Office 2013, please note that those both require that the client OS be Windows 7 or later. So having a large number of Windows XP devices could impact your ability to leverage the latest software and tools which would otherwise be beneficial to your organization.<\/li>\n<li><b>Limited Ability to Downgrade OS on new PCs:<\/b>\u00a0 For Windows licenses acquired on a new PC though an OEM, you may downgrade to the two prior versions (N-2) of the licensed Windows edition. This means that as long as the OEM PCs are shipping with Windows 7 you have the option to downgrade those PCs to Windows XP, but current PCs purchased with Windows 8, you will only be able to downgrade them to Windows Vista or Windows 7, not XP.<\/li>\n<\/ul>\n<p><b>Additional business justification for upgrading from Windows XP to a supported OS:<\/b><\/p>\n<ul>\n<li>IDC whitepaper: Mitigating Risk: Why Sticking with Windows XP is a Bad Idea<br \/>\n&#8220;IDC&#8217;s analysis shows that supporting older Windows XP installations, compared with a modern Windows 7-based solution, saddles organizations with a dramatically higher cost.\u00a0 Annual cost per PC per year for Windows XP is $870, while a comparable Windows 7 installation costs $168 per PC per year.\u00a0 That is an incremental $701 per PC per year for IT and end-user labor costs.&#8221;<\/li>\n<\/ul>\n<p>&#8220;The conclusion is simple:\u00a0 Organizations that continue to retain a Windows XP environment not only are leaving themselves exposed to security risks and support challenges but also are wasting budget dollars that would be better used in modernizing their IT investments.&#8221;<\/p>\n<ul>\n<li>Forrester whitepaper: Total Economic Impact of Windows 7<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>As you may be aware, support for Windows XP (and Office 2003) will end on April 8, 2014 (more info here).\u00a0 This carries significant risks to CSU due to the potential of having a non-supported operating system in the environment and additional risks of which your Microsoft team feels compelled to make you aware, including: [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1397,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,11,16],"tags":[],"class_list":["post-1395","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-cnsit","category-security-news","category-windows"],"_links":{"self":[{"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/posts\/1395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/comments?post=1395"}],"version-history":[{"count":3,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/posts\/1395\/revisions"}],"predecessor-version":[{"id":3717,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/posts\/1395\/revisions\/3717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/media\/1397"}],"wp:attachment":[{"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/media?parent=1395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/categories?post=1395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cnsit.colostate.edu\/kb\/wp-json\/wp\/v2\/tags?post=1395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}