HORDES OF CLING-ONS menace UK.gov IT estate as special WinXP support ends

Met Police at least have a plan: NHS doesn't even have a clue


UK government departments still running Windows XP are now doing so entirely on their own.

A framework support agreement between the Crown and Microsoft guaranteeing the release of special security patches for PCs still on Windows XP has ended after one year.

That deal - revealed here - expired on April 14 and it’s been decided it will not be rolled into a second year, Microsoft has told The Reg.

Other creaking Microsoft products also covered by the custom support deal were Office 2003 and Exchange 2003.

Government departments and agencies continuing to run these antiques must now cut their own deals with Microsoft or find alternative means of protection.

A Microsoft spokesperson told The Reg:

“It is down to individual customers to evaluate their estates and risk profile, the best option is to upgrade to a modern operating system such as Windows 8.1 ensuring delivery of relevant security patches and updates.

“Individual government departments and agencies are also able to purchase extended support as they see fit.”

The Metropolitan Police is one of those groups.

One year after Microsoft’s official Windows XP support ended, the capital’s police force has 35,910 PCs still running the dated operating system.

Migration – to Windows 8.1 and Internet Explorer 11 - is pencilled in for completion on January 2016, the force has told The Reg.

The Met said:

“The MPS [Metropolitan Police Service] has requested a direct option with Microsoft to continue a Custom Support Agreement for Windows XP for the next 12 months.”

Other government bodies don’t plan on overshooting into 2016 – but are still exposed.

HMRC had 900 PCs of 80,000 to move off Windows XP by a project completion date of end of April 2015 – it’s moving to Windows 7 and Windows 8.1

But the project was “slightly behind” original schedule when last The Reg checked.

Asked what steps HMRC had put in place to protect lagging PCs in the absence of a second year of protection from Microsoft, HMRC refused to provide specifics.

"Microsoft security support was only one of the measures we use within a "defence in depth" strategy," HMRC said. "Other defensive measures remain in place, including the ability to isolate devices from external connections if required."

Other UK government agencies are going it alone without their own custom-support deal.

NHS Scotland, the body that administers health services in Scotland, has 2,600 PCs still running Windows XP with plans to finish its migration to a combination estate of Windows 7 and VDI by September 2016.

To defend against hackers and malware, the body has implemented a series of best practices to protect Windows XP PCs in the interim.

That includes applying existing Windows XP security patches, antivirus updates, “heightened security vigilance,” escalated security procedure and “reinforced staff awareness on security risks,” the body told The Reg.

Further down the health chain things look worse.

NHS Scotland, like NHS England, is not responsible for leading or forcing IT strategy at a grass-roots level.

Hospitals, health boards, trusts, GPs and other bodies that comprise this NHS Scotland and England grass roots, combined, operate more than one million PCs.

One Reg tech-industry source with contracts in the health service said that as of six months ago, 85 per cent of PCs in hospitals, trusts and other bodies still ran Windows XP. It's unlikely to have shifted much since.

NHS England has admitted to The Reg it does not keep records or numbers of PCs still running Windows XP.

The one-year Cabinet Office Support Agreement was signed by Crown Commercial Services to ensure Microsoft continued rolling out bug fixes and patches once Redmond's official Windows XP wrapped up on April 8, 2014.

From that point, Microsoft would not release security fixes and updates as a matter of course. Instead, clingers-on had to negotiate custom support agreements – at considerable cost: $200 a desktop in year one, doubling in year two.

Customers also had to give Microsoft a guarantee that they planned to get off Windows XP in the form of a migration plan.

Microsoft’s deal with No. 10 was a framework that meant government entities didn’t need to enter separate deals – as they are now doing.

It provided civil servants with considerable savings – costing £5.584m for the whole of UK government. Those behind the deal boasted it would lead to “projected savings in excess” of £20m against “standard” pricing.

Now, however, UK government bodies still clinging to Windows XP, those migrating and those which have missed the date to purge Windows XP, get nothing – no protection from Microsoft should fresh malware or attacks appear - unless they cough up their own cash. ®

Similar topics


Other stories you might like

  • Everything you wanted to know about modern network congestion control but were perhaps too afraid to ask

    In which a little unfairness can be quite beneficial

    Systems Approach It’s hard not to be amazed by the amount of active research on congestion control over the past 30-plus years. From theory to practice, and with more than its fair share of flame wars, the question of how to manage congestion in the network is a technical challenge that resists an optimal solution while offering countless options for incremental improvement.

    This seems like a good time to take stock of where we are, and ask ourselves what might happen next.

    Congestion control is fundamentally an issue of resource allocation — trying to meet the competing demands that applications have for resources (in a network, these are primarily link bandwidth and router buffers), which ultimately reduces to deciding when to say no and to whom. The best framing of the problem I know traces back to a paper [PDF] by Frank Kelly in 1997, when he characterized congestion control as “a distributed algorithm to share network resources among competing sources, where the goal is to choose source rate so as to maximize aggregate source utility subject to capacity constraints.”

    Continue reading
  • How business makes streaming faster and cheaper with CDN and HESP support

    Ensure a high video streaming transmission rate

    Paid Post Here is everything about how the HESP integration helps CDN and the streaming platform by G-Core Labs ensure a high video streaming transmission rate for e-sports and gaming, efficient scalability for e-learning and telemedicine and high quality and minimum latencies for online streams, media and TV broadcasters.

    HESP (High Efficiency Stream Protocol) is a brand new adaptive video streaming protocol. It allows delivery of content with latencies of up to 2 seconds without compromising video quality and broadcasting stability. Unlike comparable solutions, this protocol requires less bandwidth for streaming, which allows businesses to save a lot of money on delivery of content to a large audience.

    Since HESP is based on HTTP, it is suitable for video transmission over CDNs. G-Core Labs was among the world’s first companies to have embedded this protocol in its CDN. With 120 points of presence across 5 continents and over 6,000 peer-to-peer partners, this allows a service provider to deliver videos to millions of viewers, to any devices, anywhere in the world without compromising even 8K video quality. And all this comes at a minimum streaming cost.

    Continue reading
  • Cisco deprecates Microsoft management integrations for UCS servers

    Working on Azure integration – but not there yet

    Cisco has deprecated support for some third-party management integrations for its UCS servers, and emerged unable to play nice with Microsoft's most recent offerings.

    Late last week the server contender slipped out an end-of-life notice [PDF] for integrations with Microsoft System Center's Configuration Manager, Operations Manager, and Virtual Machine Manager. Support for plugins to VMware vCenter Orchestrator and vRealize Orchestrator have also been taken out behind an empty rack with a shotgun.

    The Register inquired about the deprecations, and has good news and bad news.

    Continue reading

Biting the hand that feeds IT © 1998–2021