NSW Govt spends half a million dollars on XP support
Foot cushions well used in eight agency IT shops
The government in the Australian state of New South Wales (NSW) has spent more than half a million dollars to allow eight state agencies to persist with Windows XP.
Extended support for the operating system famously ended in April this year, four and a half years after the release of Windows 7, the Windows release often considered its closest cousin.
A spokesperson for the Office of Finance and Services told Vulture South the arrangement would cover critical patching for eight agencies for the year to 14 April 2015.
"The arrangement covers ServiceFirst, NSW Health, NSW Fire and Rescue, [NSW] Police, Transport for NSW, Department of Trade and Investment, Department of Family and Community Services, Endeavour Energy and Energy Australia," the spokesperson said.
"No additional licences were purchased as part of this arrangement. The contract value is AU$519,991 (estimated value of the goods and services over the term of the contract)."
The cash pays for Microsoft to patch only critical security holes in the platform, something that appeared to be done quietly without the usual public notices offered for its products.
Vulture South suggests it could be reasonable that the number of security holes reported in XP has reduced in line with a drop in interest in the platform among the whitehat security community, which propped Redmond up a bit over the years.
If this was the case, combined with the platform's lack of security functions like Address Space Layout Randomisation (ASLR), the OS is an easy shot for attackers targeting XP government users.
Users could run Microsoft's Enhanced Mitigation Experience Toolkit (EMET) that could force apps through ASLR and deploy Structured Exception Handler Overwrite Protection for defence against stack overflows if Service Pack 3 was installed, but not all security features could be used.
The NSW Government joined Victoria Police which was using XP until the end of this year, and Netherlands and Britain in shelving out for pricey custom agreements to keep XP running on what may be legacy systems where migration to new platforms could be difficult.
Most of the world's Automatic Teller Machines were also part of XP's plummeting 17 percent user base which fell markedly over the last month.
Cash dispensing vendors often run an embedded version of XP supported until 2016, but that has not stopped some manufacturers and operators from migrating to Windows 7. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust