Hundreds of millions of computers running everything from ATMs to the power grid will be vulnerable to hacking next month when Microsoft stops supporting its old Windows XP operating system.
Hackers have been holding onto flaws in Windows XP and waiting to exploit them until after the software giant stops issuing security updates on April 8, experts say.
Adam Meyers, vice president of intelligence at Crowdstrike, a cybersecurity firm, said it was “fairly dangerous” to continue using the 12-year-old operating system because after the deadline “victims can’t defend themselves.”
“I certainly wouldn't run Windows XP after the 8th,” Meyers said in an interview.
Microsoft announced six years ago that it would no longer provide security patches or technical support for the out-of-date software. Yet about one-third of computers around the world -- or about 500 million PCs -- still run Windows XP.
On Microsoft’s website, a clock ticks down to next month’s Windows deadline and a note warns customers that after April 8, not even anti-virus software will protect PCs that run the obsolete operating system.
“Without critical Windows XP security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information,” the site says.
In a statement, a Microsoft spokesman said consumers should upgrade to Windows 7 or Windows 8.1, which costs $120 to install. The company will continue to update anti-malware products for Windows XP users through July 14, 2015. “We realize there are some who are still completing the migration process,” the spokesman said.
A wide range of institutions will face increased security risks next month because they still run the old software.
For example, hundreds of thousands of federal government computers still operate Windows XP, including many PCs that contain classified military and diplomatic information, according to The Washington Post.
About half of the estimated 4,000 electric utilities in North America also still use computers with the outdated Windows software, according to Patrick C. Miller, founder of the nonprofit Energy Sector Security Consortium.
Miller said many utilities still run Windows XP because it costs millions of dollars and takes years to upgrade all of their computers to newer software. To pay for the upgrade, utilities must ask state commissions to increase rates on consumers, and some of them have been denied, he said.
Miller said his biggest concern is a hacker attacking the unpatched Windows software in order to cause a blackout on a hot summer day. “And we don't know how long the blackout would last because there's no fix from the vendor,” said Miller, who is now managing partner with The Anfield Group, a security consulting firm.
Nadya Bartol, a cybersecurity expert at the Utilities Telecom Council, said most of the country’s utilities have computer networks with multiple layers of security. She said the hacking risk depends on where those PCs are located within the network.
“We should be concerned and we should replace these operating systems,” Bartol told HuffPost. “But we shouldn’t be alarmist.”
In addition, only 38 percent of the nation’s roughly 425,000 cash machines will have upgraded from Windows XP by April 8, according to David Tente, the executive director of the ATM Industry Association.
Some banks have negotiated extensions with Microsoft or paid the company for custom support after the deadline. Still, numerous IT technicians are visiting ATMs around the country to replace the outdated Windows software by hand, a process that takes about an hour each time, Tente told HuffPost.
ATMs running the software pose little risk to consumers, but could cost banks if a hacker finds a way to trick the machines.
“There have been cases where hackers have fooled the ATM into thinking it’s dispensing dollar bills when it's really dispensing twenty dollar bills,” Tente said.
He said such risks are unlikely to increase immediately after April 8.
“But over time, there’s a greater risk of flaws that can be taken advantage of because you don’t have those patches coming in,” he said.
Microsoft introduced Windows XP in 2001. Back then, reviewers praised the software for being easy to use and not crashing as often as previous Windows versions. The operating system remained on millions of computers for years because its replacement, Windows Vista, was plagued with numerous problems.
Now, Microsoft is trying to adapt to a landscape that is less focused on desktops and more focused on mobile devices. Windows 8.1, which was released last fall, includes many touch-screen features and was designed for both tablets and desktops.
But even as Microsoft pushes customers to upgrade from Windows XP, the company has struggled to keep up in a post-PC world. In the months after Windows 8 was released, PC sales dropped 14 percent.