Clients      Employees

Ignoring Microsoft End-of-Support Deadlines Is a Major Gamble


Continuing to use Microsoft XP and Office 2003 after April 8 is kind of like driving at night without using your headlights or your seatbelt. You may get where you need to go if you’re lucky, but it’s only a matter of time before disaster strikes. Is it worth the risk?

With the end-of-support deadline quickly approaching for these popular Microsoft products, a recent study of more than 1,000 predominantly midsize organizations found that 77 percent are still using XP and 60 percent don’t expect to upgrade by April 8. These organizations will quickly become prime targets of hackers.

Zero-day exploits are capable of identifying and exploiting vulnerabilities in your network on the same day. Are your antivirus software and IT manager capable of preventing such threats? You better hope so, because critical security updates and patches from Microsoft won’t be released after April 8. Security software is best utilized when combined with updates and patches from Microsoft.

In addition to security concerns, organizations that are subject to industry regulations are likely to face compliance issues if they don’t upgrade by April 8. For example, healthcare organizations and medical facilities that are required to ensure the privacy of patient medical records will not be HIPAA (Health Insurance Portability and Accountability Act) compliant if they’re using XP.

Similarly, the Model Rules of Professional Conduct, a set of rules that addresses ethical obligations of attorneys, state that an attorney must act competently to protect sensitive information used to represent a client. If a security breach occurs, the use of unsupported technology despite public warnings from the developer would be difficult for even the most skilled attorney to defend.

Attorneys can even be held responsible for technology used to store and transfer data by staff, vendors and clients outside of the office – not just Windows XP and Office 2003, but also Small Business Server 2003, Exchange Server 2003 and SharePoint Portal Server 2003. All of these products will reach end-of-support deadlines on April 8.

Many organizations that still have no plan to migrate away from XP may have been relieved to hear Microsoft’s recent announcement that it will continue to provide updates to its antimalware signatures and engine through July 14, 2015. For enterprise customers, this includes System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune.

However, this is an incomplete solution. Microsoft has made it clear that the effectiveness of antimalware solutions on unsupported operating systems such as XP is limited. Utilizing modern hardware and software is critical to preventing security breaches and maintaining regulatory compliance.

You have a number of options for migration, but time is running out. To avoid the risk of using unsupported technology, let ICG help you put a migration plan into action that suits the needs of your organization.