Back in the days when XP was introduced, it completely overhauled Windows 98 with new graphics and functionality. Windows XP is now 16 years old, but it has not lost its popularity: we can still see Windows XP in different kinds of organizations, especially in government organizations in Nepal. I have observed government employees playing Solitaire while we waited in line for hours. According to statcounter.com, Windows XP is still running on 3% of all desktops.

Key Vulnerabilities

Microsoft has not supported XP since April 8, 2014, so Windows XP computers are more vulnerable to information security threats. Hence came the ransomware attack that made headlines in May 2017. This is not the end of it; we will most likely hear of more security attacks on XP machines in the near future. Further, this makes Windows XP machines a target of zero-day exploits: whenever a security patch is released for Windows, exploiters will figure out which vulnerability that patch fixes and then launch their exploit against Windows XP machines.

Many vulnerabilities have been found in Windows XP, such as buffer overflows in Internet Explorer, and XP machines are easy targets for different kinds of malware. The key security threat in XP was that the administrator account had unlimited privileges.

I have made the following video to show how a Windows machine can be exploited using these vulnerabilities. In this video, I have used four different techniques to attack Windows XP machines to show you how vulnerable these machines are. Two of the techniques relate to buffer overflow attacks: memory flaws in Internet Explorer 6 and a well-known flaw in the SMB protocol. The third is a man-in-the-middle attack. The final one relates to deploying a Trojan or backdoor.

DISCLAIMER: THIS VIDEO IS MADE FOR EDUCATIONAL PURPOSE ONLY. PLEASE RESPECT OTHER PEOPLE’S PROPERTY AND PRIVACY AS YOU DO FOR YOURS. THANK YOU.

Why the Use of XP Is So Prevalent

As discussed earlier, Windows XP machines are still widely used in various types of organization. Why is this so? The main reason is that government organizations, once they purchase a desktop, usually will not replace it until it turns to scrap. During the Windows 98 era, more organizations were in manual mode; most of these institutions did not use computers for day-to-day work. When they gradually started to upgrade, they got stuck on XP and then decided not to upgrade at all, as upgrading requires a lot of effort and time.

Microsoft launched Windows Vista after the success of Windows XP; however, it failed miserably. As per Wikipedia, Vista was expensive, users' existing hardware was not able to support it, and there were legal issues, to name a few. Due to the mass failure of Windows Vista, users uninstalled that operating system and switched back to Windows XP.

Mitigation

The only way to protect yourself is to upgrade Windows XP to the latest version of Windows. There is no other option. However, if you still need to use Windows XP, the following measures may be adopted.

  1. Segregate the network in which the XP machines are installed. This network should be protected by a strong firewall that controls the traffic going into and out of the network.
  2. The main problem with XP was that its administrator had unlimited privileges. Therefore, such accounts should be strictly controlled and monitored.
  3. Finally, to emphasize again, these kinds of systems should be upgraded as soon as possible, because new vulnerabilities are likely to be discovered in the future and exploits will be made to take advantage of them.
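
As an illustration of the segregation in item 1, here is an added example (not from the original post or its author) of an nftables ruleset for a Linux gateway sitting between an XP segment and the rest of the network. The interface name, all addresses and the permitted application port are constructed assumptions; the SMB/NetBIOS block reflects the SMB flaw mentioned earlier on this page.

```nftables
#!/usr/sbin/nft -f
# Added example: every name and address below is a constructed assumption.
define xp_if    = "eth1"          # gateway interface facing the XP segment
define xp_net   = 192.0.2.0/24    # addresses of the XP machines
define app_srv  = 198.51.100.10   # the one internal server XP hosts must reach
define app_port = 443             # port of that line-of-business application
define jump     = 198.51.100.20   # admin jump host allowed to manage XP hosts

table inet xp_isolation {
    chain forward {
        # Policy stays "accept" so traffic unrelated to the XP segment is
        # untouched; everything to or from the XP interface is decided below.
        type filter hook forward priority 0; policy accept;

        # Let replies through for connections permitted by the rules below.
        ct state established,related accept

        # SMB, NetBIOS and RPC never cross the segment boundary.
        iifname $xp_if tcp dport { 135, 139, 445 } log prefix "xp-smb-out " drop
        iifname $xp_if udp dport { 137, 138 } log prefix "xp-smb-out " drop
        oifname $xp_if tcp dport { 135, 139, 445 } log prefix "xp-smb-in " drop
        oifname $xp_if udp dport { 137, 138 } log prefix "xp-smb-in " drop

        # Outbound: XP hosts may open connections only to the application server.
        iifname $xp_if ip saddr $xp_net ip daddr $app_srv tcp dport $app_port accept

        # Inbound: only the jump host may open RDP sessions into the segment.
        oifname $xp_if ip saddr $jump ip daddr $xp_net tcp dport 3389 accept

        # Default deny for the segment, IPv4 and IPv6 alike. The log lines
        # give the monitoring team a record of every blocked attempt.
        iifname $xp_if log prefix "xp-out-denied " drop
        oifname $xp_if log prefix "xp-in-denied " drop
    }
}
```

Because the final two rules match on the interface rather than on addresses, an XP host that picks up an unexpected or IPv6 address is still contained.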

Thank you for reading. If you have found it useful, please do share.