Feeds

THOUSANDS of UK.gov Win XP PCs to face April hacker storm... including boxes at TAXMAN, NHS

FOIs reveal bureaucrats losing switchover race by widest margin

Beginner's guide to SSL certificates

Exclusive Thousands of PCs at Britain’s biggest public sector bodies will miss Microsoft’s April deadline to abandon Windows XP before open season for hackers begins.

HMRC and the NHS in England and Scotland will still be running thousands of systems using Windows XP after Microsoft turns off the support lifeline on 8 April.

HMRC has 85,784 PCs, of which 85,268 are moving off Windows XP and 58,631 are ditching Internet Explorer 6.

NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6.

The information came to light following a series of Freedom of Information Act (FOI) requests lodged by The Register with UK government organisations.

Migration plans

HMRC and NHS Scotland said they both have co-ordinated plans to replace Windows XP and IE 7; they are going with Windows 7 and IE 8 and, in a few cases, Windows 8 and 10.

But while upgrade work is in full swing, it won’t be completed by April’s deadline.

HMRC told us it expects to have completely moved off of Windows XP by “the end” of 2014, while NHS Scotland expects to finish in the third quarter.

HMRC began its migration in 2012, with NHS Scotland beginning its shift relatively late, in July 2013.

8 April is the date when extended support for Windows XP from Microsoft finally comes to an end. Prior to this date, Microsoft will issue security patches to block malicious code and viruses written to infect PCs and networks and steal users’ data.

Come 9 April, there will be no more protection from Microsoft.

Customers who wish to continue receiving protection must pay Microsoft for dedicated support – coming at eye-watering prices: $200 per desktop for year one, $400 for year two and $800 for a third year.

Extended support is only available to the biggest customers – those on premier-level support.

UK taxpayer? Read on...

Neither the HMRC – collector for the nation’s purse – nor NHS Scotland will pay for protection, according to our FOIA requests, yet users will continue to be allowed to access the internet from their vulnerable Windows XP machines and using IE6.

That means users could come under attack with no defence from Microsoft.

However, neither body is faring quite as badly as the NHS in England, which, based on our FOIA request, is a picture of anarchy on Windows XP.

There are total of 1.086 million PCs and laptops running Windows at trusts, GPs and other health groups that comprise the National Health Service in England.

The Register asked NHS England how many PCs at hospitals, GPs and administrative bodies there are which run Windows XP and IE 6, 7 or 8.

We also asked if there’s a co-ordinated migration plan and when it will be complete.

Local organisations 'aware of the need to migrate'. How many need to make the move? We don't know...

The NHS in England’s response was that it simply doesn’t know beyond headline numbers the state of Windows XP’s penetration or migration work.

The reason is hospitals, ambulance and community and mental health trust, and GP surgeries are all considered separate organisations responsible for their own IT and migration plans. “No central records are held,” NHS England told The Reg.

The result is it cannot say how many medical or and back-office staff or systems will be exposed at the NHS in England.

“Local organisations are currently in the process of upgrading PCs to use the Windows 7 operating system in advance of Windows XP support ending in April 2014. Local organisations are aware of the need to migrate from Windows XP in advance of the April 2014 de-support date,” NHS England said.

The group is responsible for supplying IT to 6,100 staff in 60 buildings and it's in the middle of a project to deploy a common desktop IT architecture to this group using Windows 7. The plan is to complete the programme in February/March 2014.

Our FOI requests reflect what’s happening in the field – that very large customers of Microsoft are going to miss April’s deadline.

Only some of them are planning to pay.

Application migration specialist Camwood, heavily involved in helping customers move from Windows XP, told The Reg it has got several “large” customers paying Microsoft for support after 8 April rather than go naked.

Camwood works with organisations that have more than 2,000 PCs.

“It was cheaper for them to pay Microsoft than to accelerate migration,” Camwood chief executive Adrian Foxall told us.

Despite the fact Windows XP support is due to finish in three months, Camwood is still picking up new business from organisations in the public sector to start migrations, it says – many of them within the NHS.

Foxall reckoned there are two types of customer coming to Camwood: those who have got a plan and want Camwood to help execute it and those without a plan.

The public sector, he says, falls mostly into the latter group. “We are still winning new projects now. They will miss the deadline and they are acutely aware of that,” Foxall said. ®

Beginner's guide to SSL certificates

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.