On April 8th, 2014, Microsoft will discontinue their support for Windows XP and Office 2003. This means Microsoft will no longer provide new security updates, non-security hotfixes, product updates, free or paid assisted support options, and online technical content updates. The Security Services department has identified this as a potential security risk for institutional computers, networks, and information.
After April 8, Windows XP computers will be more susceptible to malicious software (e.g. viruses and worms) since Microsoft will no longer address major security holes in the software. However, Microsoft will continue to develop Windows XP anti-malware signatures for Microsoft Security Essentials – a software program used to defend against malicious software – until July, 2015. This means newly discovered vulnerabilities will not be patched and a potential threat actor (i.e. a criminal hacker) could exploit this to compromise the information system.
In addition, Microsoft Security Essentials for Windows XP will no longer be downloadable after April 8th this year.
The Office of the Chief Information Officer for the State of Washington recently issued Policy 142, which states in part:
“By April 8, 2014, agencies must migrate off all instances of Office 2003, migrate all Windows XP Personal Computers (PCs) to newer platforms, and secure any remaining machines until migration is complete. Security controls in this policy are intended to protect any remaining XP PCs from attack and prevent the spread of attack to agency networks and systems. Academic and research applications and infrastructure at institutions of higher education are exempt.”
Even though this policy offers an exemption for higher education institutions, we are actively moving to meet the requirements of this policy because it makes sense form a security perspective. Our information security processes should not be driven by compliance; they should be driven by business risk assessments.
What are we doing to address this?
The Computer Support Services department, in collaboration with the Security Services department, has been pursuing the upgrading of all identifiable instances of Windows XP. The Computer Support Services team has been and will continue to share relevant information and updates on their progress with the campus community.
How does this affect you?
If you are using a Windows computer for work at Central, it has to have our standard Windows 7 operating system installed. In addition, Microsoft Office software suites has to be Office 2010 or newer. For Central computers there is no cost associated with the installation of the standard Windows operating system or the Office suite.
If you are using a Windows XP computer at home, it is important to update the operating system to a supported operating system such as Windows 7 or Windows 8.1 to receive regular security updates. If you are not sure your home computer will support a newer version of Windows, Microsoft provides a software tool called the Windows Upgrade Assistant, which you can download to check if your computer meets the system requirements.
Technical Assistance and Questions
If you have any questions about your departmental computer, please contact the helpdesk at firstname.lastname@example.org or 963-2001.
For home computers, you can visit the Windows XP End of Support page on Microsoft.com.
Chief Information Security Officer
Central Washington University
Central Washington University President James L. Gaudino today announced a reorganization of the uniCWU Presents Cybersecurity 101 For Businesses, Families
Every day, bad actors from throughout the United States and as far away as China and the Baltic sta