View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 14, 2014

UK public sector facing Windows XP ‘hacker storm’

Time is running out for bodies as Microsoft prepares to retire operating system.

By Ben Sullivan

When Microsoft’s support for Windows XP terminates in April, thousands of PCs used by .gov and public sector bodies including HMRC and the NHS will hit an incoming tide of hackers who will now be able to freely exploit the unguarded systems.

A Freedom of Information request, carried out by tech website The Register, returned statistics showing that "HMRC has 85,784 PCs, of which 85,268 are moving off Windows XP and 58,631 are ditching Internet Explorer 6."

"NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6."

However, it appears the bodies are not moving fast enough, as HMRC told The Register that it expects to have completed its move by "the end" of 2014, while NHS Scotland predicts to finish in the third quarter.

Official Microsoft support ends on 8 April, when the firm will stop issuing security patches to block malicious code that can infect PCs with viruses and even steal data.

Security expert Graham Cluley told CBR that the threat to Windows XP machines is very tangible.

"It is very likely that online criminals will attempt to exploit unpatched vulnerabilities on the XP platform," said Cluley.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"Typically the most attractive vulnerabilities will be remote code execution vulnerabilities which can be used by malware such as a Trojan horse or worm to infect your computer.

"Anyone continuing to run Windows XP after April is, in my opinion, playing a dangerous game."

After 8 April, users who want to continue having Microsoft protection must pay up to £120 per desktop for year one, £240 for year two and £490 in year three.

But according to the FOIA requests carried out by The Register, neither NHS Scotland nor HMRC will pay for the protection, even though the users working for the organisations will still be using the vulnerable PCs.

The NHS in England comes out the worst. A FOIA request showed that there are a total of 1.086 million PCs and laptops running Windows in the service.

The Register asked NHS England if there is a plan in place to migrate.

"The NHS in England’s response was that it simply doesn’t know beyond headline numbers the state of Windows XP’s penetration or migration work," said the tech website.

"No central records are held," NHS England told The Register, when referring to how many medical or back-office staff or systems will be exposed at the NHS in England.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.