Feeds

THOUSANDS of UK.gov Win XP PCs to face April hacker storm... including boxes at TAXMAN, NHS

FOIs reveal bureaucrats losing switchover race by widest margin

SANS - Survey on application security programs

Exclusive Thousands of PCs at Britain’s biggest public sector bodies will miss Microsoft’s April deadline to abandon Windows XP before open season for hackers begins.

HMRC and the NHS in England and Scotland will still be running thousands of systems using Windows XP after Microsoft turns off the support lifeline on 8 April.

HMRC has 85,784 PCs, of which 85,268 are moving off Windows XP and 58,631 are ditching Internet Explorer 6.

NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6.

The information came to light following a series of Freedom of Information Act (FOI) requests lodged by The Register with UK government organisations.

Migration plans

HMRC and NHS Scotland said they both have co-ordinated plans to replace Windows XP and IE 7; they are going with Windows 7 and IE 8 and, in a few cases, Windows 8 and 10.

But while upgrade work is in full swing, it won’t be completed by April’s deadline.

HMRC told us it expects to have completely moved off of Windows XP by “the end” of 2014, while NHS Scotland expects to finish in the third quarter.

HMRC began its migration in 2012, with NHS Scotland beginning its shift relatively late, in July 2013.

8 April is the date when extended support for Windows XP from Microsoft finally comes to an end. Prior to this date, Microsoft will issue security patches to block malicious code and viruses written to infect PCs and networks and steal users’ data.

Come 9 April, there will be no more protection from Microsoft.

Customers who wish to continue receiving protection must pay Microsoft for dedicated support – coming at eye-watering prices: $200 per desktop for year one, $400 for year two and $800 for a third year.

Extended support is only available to the biggest customers – those on premier-level support.

UK taxpayer? Read on...

Neither the HMRC – collector for the nation’s purse – nor NHS Scotland will pay for protection, according to our FOIA requests, yet users will continue to be allowed to access the internet from their vulnerable Windows XP machines and using IE6.

That means users could come under attack with no defence from Microsoft.

However, neither body is faring quite as badly as the NHS in England, which, based on our FOIA request, is a picture of anarchy on Windows XP.

There are total of 1.086 million PCs and laptops running Windows at trusts, GPs and other health groups that comprise the National Health Service in England.

The Register asked NHS England how many PCs at hospitals, GPs and administrative bodies there are which run Windows XP and IE 6, 7 or 8.

We also asked if there’s a co-ordinated migration plan and when it will be complete.

Local organisations 'aware of the need to migrate'. How many need to make the move? We don't know...

The NHS in England’s response was that it simply doesn’t know beyond headline numbers the state of Windows XP’s penetration or migration work.

The reason is hospitals, ambulance and community and mental health trust, and GP surgeries are all considered separate organisations responsible for their own IT and migration plans. “No central records are held,” NHS England told The Reg.

The result is it cannot say how many medical or and back-office staff or systems will be exposed at the NHS in England.

“Local organisations are currently in the process of upgrading PCs to use the Windows 7 operating system in advance of Windows XP support ending in April 2014. Local organisations are aware of the need to migrate from Windows XP in advance of the April 2014 de-support date,” NHS England said.

The group is responsible for supplying IT to 6,100 staff in 60 buildings and it's in the middle of a project to deploy a common desktop IT architecture to this group using Windows 7. The plan is to complete the programme in February/March 2014.

Our FOI requests reflect what’s happening in the field – that very large customers of Microsoft are going to miss April’s deadline.

Only some of them are planning to pay.

Application migration specialist Camwood, heavily involved in helping customers move from Windows XP, told The Reg it has got several “large” customers paying Microsoft for support after 8 April rather than go naked.

Camwood works with organisations that have more than 2,000 PCs.

“It was cheaper for them to pay Microsoft than to accelerate migration,” Camwood chief executive Adrian Foxall told us.

Despite the fact Windows XP support is due to finish in three months, Camwood is still picking up new business from organisations in the public sector to start migrations, it says – many of them within the NHS.

Foxall reckoned there are two types of customer coming to Camwood: those who have got a plan and want Camwood to help execute it and those without a plan.

The public sector, he says, falls mostly into the latter group. “We are still winning new projects now. They will miss the deadline and they are acutely aware of that,” Foxall said. ®

Top three mobile application threats

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.