Feeds

THOUSANDS of UK.gov Win XP PCs to face April hacker storm... including boxes at TAXMAN, NHS

FOIs reveal bureaucrats losing switchover race by widest margin

Top three mobile application threats

Exclusive Thousands of PCs at Britain’s biggest public sector bodies will miss Microsoft’s April deadline to abandon Windows XP before open season for hackers begins.

HMRC and the NHS in England and Scotland will still be running thousands of systems using Windows XP after Microsoft turns off the support lifeline on 8 April.

HMRC has 85,784 PCs, of which 85,268 are moving off Windows XP and 58,631 are ditching Internet Explorer 6.

NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6.

The information came to light following a series of Freedom of Information Act (FOI) requests lodged by The Register with UK government organisations.

Migration plans

HMRC and NHS Scotland said they both have co-ordinated plans to replace Windows XP and IE 7; they are going with Windows 7 and IE 8 and, in a few cases, Windows 8 and 10.

But while upgrade work is in full swing, it won’t be completed by April’s deadline.

HMRC told us it expects to have completely moved off of Windows XP by “the end” of 2014, while NHS Scotland expects to finish in the third quarter.

HMRC began its migration in 2012, with NHS Scotland beginning its shift relatively late, in July 2013.

8 April is the date when extended support for Windows XP from Microsoft finally comes to an end. Prior to this date, Microsoft will issue security patches to block malicious code and viruses written to infect PCs and networks and steal users’ data.

Come 9 April, there will be no more protection from Microsoft.

Customers who wish to continue receiving protection must pay Microsoft for dedicated support – coming at eye-watering prices: $200 per desktop for year one, $400 for year two and $800 for a third year.

Extended support is only available to the biggest customers – those on premier-level support.

UK taxpayer? Read on...

Neither the HMRC – collector for the nation’s purse – nor NHS Scotland will pay for protection, according to our FOIA requests, yet users will continue to be allowed to access the internet from their vulnerable Windows XP machines and using IE6.

That means users could come under attack with no defence from Microsoft.

However, neither body is faring quite as badly as the NHS in England, which, based on our FOIA request, is a picture of anarchy on Windows XP.

There are total of 1.086 million PCs and laptops running Windows at trusts, GPs and other health groups that comprise the National Health Service in England.

The Register asked NHS England how many PCs at hospitals, GPs and administrative bodies there are which run Windows XP and IE 6, 7 or 8.

We also asked if there’s a co-ordinated migration plan and when it will be complete.

Local organisations 'aware of the need to migrate'. How many need to make the move? We don't know...

The NHS in England’s response was that it simply doesn’t know beyond headline numbers the state of Windows XP’s penetration or migration work.

The reason is hospitals, ambulance and community and mental health trust, and GP surgeries are all considered separate organisations responsible for their own IT and migration plans. “No central records are held,” NHS England told The Reg.

The result is it cannot say how many medical or and back-office staff or systems will be exposed at the NHS in England.

“Local organisations are currently in the process of upgrading PCs to use the Windows 7 operating system in advance of Windows XP support ending in April 2014. Local organisations are aware of the need to migrate from Windows XP in advance of the April 2014 de-support date,” NHS England said.

The group is responsible for supplying IT to 6,100 staff in 60 buildings and it's in the middle of a project to deploy a common desktop IT architecture to this group using Windows 7. The plan is to complete the programme in February/March 2014.

Our FOI requests reflect what’s happening in the field – that very large customers of Microsoft are going to miss April’s deadline.

Only some of them are planning to pay.

Application migration specialist Camwood, heavily involved in helping customers move from Windows XP, told The Reg it has got several “large” customers paying Microsoft for support after 8 April rather than go naked.

Camwood works with organisations that have more than 2,000 PCs.

“It was cheaper for them to pay Microsoft than to accelerate migration,” Camwood chief executive Adrian Foxall told us.

Despite the fact Windows XP support is due to finish in three months, Camwood is still picking up new business from organisations in the public sector to start migrations, it says – many of them within the NHS.

Foxall reckoned there are two types of customer coming to Camwood: those who have got a plan and want Camwood to help execute it and those without a plan.

The public sector, he says, falls mostly into the latter group. “We are still winning new projects now. They will miss the deadline and they are acutely aware of that,” Foxall said. ®

Mobile application security vulnerability report

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.