'Truly alarming' number of councils still on XP - FOIs
CRN research finds almost a third of local councils are still running XP - months after extended support expired
Almost a third of local councils in the UK are still running Windows XP, months after a public sector-wide extended support agreement came to an end, CRN can reveal.
CRN sent Freedom of Information (FOI) requests to all 435 local councils in the UK in June - two months after extended support came to an end - and 105 supplied us with data on which operating systems they run in their PC estate.
Some 31 per cent of councils which responded said they are running Windows XP in some form and of all the PCs declared by the authorities, seven per cent are running the ancient OS.
The majority of machines (79 per cent) run Windows 7, one per cent run Windows 8 and the remaining 13 per cent run another OS, such as Android or iOS.
Independent IT security expert Graham Cluley said the figures are shocking.
"The worrying thing is that as members of the public, we can choose which businesses we share our information with but we can't help but deal with our councils," he told CRN. "We expect them to be responsible when it comes to securing our data, but the fact that such a worrying proportion of council computers are still running Windows XP is truly alarming.
"It's not as though they didn't have years and years of warning that Windows XP was coming to an end, and [didn't know they] would be vulnerable to exploitation by hackers through vulnerabilities that are being patched on more modern versions of Windows."
Microsoft ended XP support in April last year, but at the last minute, agreed a one-year extended support deal with the UK government to support the public sector. In May this year, the government announced that the deal had come to an end and would not be renewed, claiming "good progress" had been made.
The Cabinet Office was not available to comment on CRN's research today, and in a statement, Microsoft said: "After 12 years, support for Windows XP ended on 8 April 2014. There are no longer any security updates or technical support for the Windows XP operating system. It is very important that customers and partners migrate to a modern operating system."
Last month, Microsoft agreed a deal with the US Navy to provide extended support for Windows XP, setting the authority back a whopping $9.1m (£5.8m).
Kelvin Kirby, treasurer for the International Association of Microsoft Channel Partners, said councils in the UK would theoretically be able to purchase similar agreements, but it would cost them.
"The argument is it would be cheaper if they just upgraded to the next OS," he said.
Timing is everything
During the year-long migration campaign leading up to the end of support last April, many customers in the public sector had migration projects under way but were unsure if they would be completed by the deadline. The extended-support deal was designed with those in mind, offering them a lifeline to finish their upgrades before it was too late.
Roy Pickard, EMEA channel manager for security firm Bit9 and Carbon Black, said this extra time should have been ample to complete the upgrade.
"The fact that so many local councils continue to run Windows XP is startling," he said. "The extra year should have helped significantly, but as the figures show, it clearly wasn't enough.
"Those still running XP are making themselves an easy target for hackers, who will be able to exploit newly discovered security flaws and hacking techniques to breach their defences with relative ease now that extended support has ended. These vulnerabilities could lead to the compromise of councils' critical infrastructure and the loss of essential information - including citizens' personal data."
But according to security vendor Avecto's vice president Andrew Avanessian, giving councils extra time to upgrade was something of a pointless exercise.
"From my experience, if they were in a position to migrate away from XP, they would have already done it," he said. "Giving them an extra year just means they can delay the inevitable. You'll probably find in another year, the percentages [of councils running XP] will be much the same. Really, they should have been planning this years before - it has been well publicised as well.
"Still to have XP running in your estate is a massively dangerous thing to do."