
6 Common Questions Answered About Windows XP End-of-Life

As we've previously discussed on this blog, Microsoft is ending support on April 8 for its 13-year-old Windows XP operating system. Yes, all good things must come to an end.

Considering the publicity surrounding this announcement, the end-of-life news shouldn't come as much of a surprise to most organizations.

Of course, a number of companies currently running XP surely will be taken aback when the deadline arrives. But a much greater majority that hasn't transitioned to a newer platform across their environment likely has held off on purpose. After all, such a migration is costly and complex, and runs the risk of breaking things due to incompatibility issues. For those reasons, and because XP is so widespread, expect to see it in use for many years to come.

But entities that fail to update are doing so at their own risk, both from a security and risk perspective, as well as a compliance standpoint - specifically the Payment Card Industry Data Security Standard (PCI DSS) if they are relying on point-of-sale (POS) systems that run on XP.

I asked Gregory Rosenberg, a security engineer at Trustwave, to answer some of the common questions about XP end-of-life that we've been receiving from customers.


1. What exactly is Windows XP end-of-life?

The longtime operating system from Microsoft is no longer going to be supported as of April 8. The biggest thing that means is that Microsoft no longer will issue security updates for vulnerabilities in XP. And that's a huge deal when one considers that an estimated one quarter to one third of the world's desktops run XP.


2. Is this really that big of a deal?

If there's anything we know about the bad guys, it's that they prefer the least resistant path possible when launching attacks. The less effort they have to exert, the better. Anecdotal reports indicate that the market for Windows XP exploits has ramped up considerably over the last year. It's likely that attackers have hoarded a number of exploits that they'll launch once patches stop coming in. But even more likely is that, due to shared code bases between XP and newer versions of Windows, attackers will reverse engineer patches that Microsoft issues going forward and attempt to create exploits that also work on XP.


3. For organizations slow or unwilling to migrate to a newer platform, what are some best practices?

For starters, they should conduct a risk assessment of their environment to determine where XP is running. That will allow them to drill down on XP devices and apply specific security controls to them. If the deployment of XP is much more widespread than anticipated, organizations should consider bulking up their overall network security, including deploying advanced anti-malware, intrusion detection and prevention and network monitoring. And of course, obvious best practices like limiting privileges and ensuring all workstations are running the latest web browser version are critical.

I should also add that customers with a Microsoft support contract still will receive anti-malware signatures for all XP systems through July 14, 2015.


4. I've been hearing that the support cutoff could have a big impact on XP-based embedded systems, like point-of-sale systems that handle credit card swipes. Is this true?

While Microsoft is maintaining support for Windows XP Embedded through 2016, support expires for the widely deployed Windows XP Professional for Embedded Systems - which is identical to Windows XP - on April 8. Given that news, retailers using POS systems should be aware of the risk following that date, especially given the alarming trend of POS malware incidents affecting retailers.

Most businesses are probably aware that they are running XP on their desktops - and that the end-of-life deadline is quickly approaching. But I'm not sure the same applies to many merchants running XP on their POS systems. Many don't even realize it. It's worrying.


5. Given the support cutoff and this new POS malware trend, how important is third-party help?

There are a number of steps that businesses can take to protect themselves from POS breaches. Our recently published white paper, "Combatting Point-of-Sale Malware," offers some very helpful guidance, from reviewing remote connection logs to segmenting systems from the rest of the network to toughening passwords to pen testing systems to implementing advanced malware defenses.

But the paper concludes with an important caveat: "Operate under the assumption that not only is a compromise possible, it may well be imminent (if it hasn't already occurred)." With this in mind, merchants can request proactive breach detection investigations from a company like Trustwave. They are designed to identify if they've been victimized by a breach or if they suspect an attack already is currently happening. The goal is to flag a breach as quickly as possible to limit the damage and minimize recovery times and costs.


6. Can I be out of compliance if I'm running XP on my POS systems?

As this article states, running XP on POS systems will violate PCI DSS 6.2, which requires retailers to install the latest security patches. We estimate that at least 30 percent of POS systems out there are running XP - and the sad fact is many merchants don't even realize it for any number of reasons, mostly due to simple unawareness.

If organizations have a compelling business case to maintain XP-based POS systems, then compensating controls - such as web application firewalls, whitelisting, IDS/IPS and patch support - can help them maintain compliance. Of course, the best option is to upgrade POS systems to Windows Embedded, but that is a costly and time-consuming process.

We've got a bit of a mess on our hands, but the best thing to hope for is attention. If companies are at least aware of the risk, that can be half of the battle.


If you have any additional questions, please don't hesitate to contact Greg at
