Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

US taxman slammed: Half of the IRS's servers still run doomed Windows Server 2003

And 1,300 PCs running Win XP that it can't find

Half of America's Internal Revenue Service's (IRS) servers are running Windows Server 2003, despite extended support for it ending in July.

That's according to a report by the Treasury Inspector General that took a look at the IRS' $139m upgrade program.

The report is distinctly unimpressed and notes that the IRS "did not follow established policies over project management and provided inadequate oversight and monitoring."

As a result, the US government's tax system is potentially wide open to hackers because Microsoft has officially and publicly stopped issuing security patches for the operating system.

In an effort to avoid a massive security breach, the IRS has agreed to pay Microsoft an undisclosed "premium fee" to continue to support and patch its servers – something the report slams as indicating that the IRS "has not adequately planned for the Windows server upgrade in regard to the costs, potential security implications, and amount of time necessary to complete the upgrade."

It notes: "Upgrading to the new Microsoft workstation and server operating systems is critical, because older versions are not supported and regularly patched for security flaws, which makes them more vulnerable to hacking."

Despite having spent hundreds of millions of dollars, the program has also only managed to upgrade servers to Windows 2008. Not a single machine is running the more recent Windows 2012.

I got this ... whoops

The report lays much of the blame for the disastrous rollout on IRS CTO Terry Milholland who, according to the report, decided to take personal control of the upgrade in July 2012 when it became clear the process was already massively delayed.

The result of not having an executive steering committee – the usual process – was that "basic planning documents such as budget estimates and deployment schedules are still unsigned and incomplete." It also notes that "no official meeting minutes with the CTO or decision documents were created or signed."

In addition, the IRS reported in December 2014 that it has managed to upgrade all its workstations from Windows XP to Windows 7. But it later turned out that there were 1,300 computers still running XP. Where they were, though, nobody knew because of "inaccuracies in the inventory records."

"For the IRS, the use of outdated operating systems may expose taxpayer information to unauthorized disclosure, which can lead to identity theft. Further, network disruptions and security breaches may prevent the IRS from performing vital taxpayer services such as processing tax returns, issuing refunds, and answering taxpayer inquiries," the report noted.

In August, the IRS revealed that it had suffered a data breach in which 334,000 people's personal information was accessed. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like