Microsoft details risks of running unsupported software

Microsoft published their Security Intelligence Report (SIR) volume 15, which analyzes threat intelligence from more than 1 billion systems worldwide to provide in-depth perspectives on exploits, vulnerabilities and malware to help customers manage risk.

Among other intelligence, the report examines the security risk that consumers and businesses face when using unsupported operating systems and software and looks at the implications of using Windows XP once support, including security updates, ends April 8, 2014.

In addition, new telemetry compares the security of modern operating systems such as Windows 8 with older operating systems such as Windows XP that, according to StatCounter, make up approximately 21 percent of operating systems used today.

The report found these top three worldwide threats for those running Windows XP:

• Sality. Malware family that can steal personal information and lower a PC’s security settings.
• Ramnit. Malware that infects Windows executable files, Microsoft Office files and HTML files.
• Vobfus. Family of worms that can download other malware onto a PC; it can be downloaded by other malware or spread via removable drives, such as USB flash drives.

The report found that in the first half of 2013, nearly 17 percent of computers worldwide running up-to-date, real-time security products from Microsoft encountered malware. Although Windows 8 encountered a similar amount of malware as Windows XP, computers running Windows XP were six times more likely to actually be infected with those threats (click on the screenshot to enlarge it):

“The data help illustrate the positive impact that security innovations in newer operating systems are having. Modern operating systems such as Windows 8 include advanced security technologies that are specifically designed to make it harder, more complex, more expensive and, therefore, less appealing for cybercriminals to exploit vulnerabilities,” said Tim Rains, director of Microsoft Trustworthy Computing.

Rains added that once security updates for Windows XP stop on April 8, 2014, security risks associated with continuing to use the outdated software will increase as cybercriminals seek to exploit newly discovered vulnerabilities. The last version of Windows XP to go out of support was Service Pack 2. In the two years following, malware infections jumped 66 percent when compared with Windows XP SP3, the version for which support ends next year.

“The importance of upgrading from Windows XP cannot be overstated,” Rains said. “We truly want people to understand the risks of running Windows XP after support ends and to recognize the security benefits of upgrading to a more modern operating system — one that includes the latest in security innovations, provides ongoing support and can in turn better protect them.”

SANS trainer and Microsoft security expert Jason Fossen has previously theorized that the still great Windows XP market share will result in blackhats keeping information about found Windows XP zero-day vulnerabilities or exploits for them secret until April 2014, then sell them for huge sums.

And while more experienced users are becoming slowly annoyed with Microsoft’s relentless awareness campaign aimed at Windows XP users and at making them switch to a newer version of the OS, results of a recent Intel survey reveal that Forty-seven percent of the small business respondents were unaware that Microsoft is ending service support for Windows XP platform, and that therefore updates will no longer be provided to help protect PCs.

For more details about this and other risks, download the report.