Avoiding the zero-day void

by Derek Manky
July 30, 2010 at 10:23 am

Two major operating system releases have officially come to end of life this month. On July 13th, Microsoft dropped support for both Windows 2000 and Windows XP SP2, meaning no more patches will be rolled out for these operating systems. This includes both Windows 2000 Server and Professional, as well as all editions of XP SP2.

Of course, in terms of security, this is a significant development since any new vulnerabilities discovered that affect these products (and there are many on an ongoing basis, just have a look at our NVC coverage here) will not be patched, and thus will remain wide open to attack. Key protection elements we always recommend against vulnerability exploits include patch management and intrusion prevention. With no further patches offered, operating system patch management effectively becomes null and void. While the best course of action is to upgrade to an operating system which still receives patches, it may take some time since a full OS upgrade can change many components and functions on a system that need to be tested. While planning upgrade paths, it becomes very important to guard against attacks that will continue to target these (now) legacy systems. Even once an upgrade is complete, the very same safeguards should stay in place: they help protect against future zero-days before a patch exists, and against attack attempts even after a system has been fully patched.

As a recent example, let’s examine CVE-2010-2568 – the “.LNK” vulnerability that’s been a hot topic (a.k.a. Stuxnet). As of this writing, this issue has not been patched by Microsoft, and it is likely that when a patch is released, Windows 2000 and XP SP2 will not be covered since they are now past end of life. There are several mitigation layers to this issue, two of which lie in antivirus and intrusion prevention. For example, in our labs, we have developed both IPS and antivirus signatures to detect the malicious “.LNK” files that exploit this vulnerability.
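As an added illustration of the kind of file-content check an antivirus or IPS signature for malicious shortcut files has to perform, here is a small Python scanner. It is example code written for this page, not Fortinet's signature logic or anything from the post. It validates the ShellLinkHeader as laid out in the public MS-SHLLINK specification, walks the LinkTargetIDList, and flags any shell item whose data carries a UTF-16 path to a .dll or .cpl library instead of a document; that heuristic, and the two sample shortcuts it is run against, are constructed assumptions for the example rather than details taken from the post.

```python
"""Heuristic scanner for Windows shortcut (.LNK) files.

Added example, not Fortinet's own signature logic. The structure parsed
here follows the public MS-SHLLINK specification; the .dll/.cpl heuristic
and the sample files are constructed for this illustration only.
"""
import re
import struct
import uuid

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046")
HAS_LINK_TARGET_ID_LIST = 0x00000001  # LinkFlags bit A

# A UTF-16-decoded path (drive letter or UNC) that ends in a loadable library.
LIBRARY_PATH = re.compile(r"(?:[A-Za-z]:\\|\\\\)[^\x00]*?\.(?:dll|cpl)\b",
                          re.IGNORECASE)


def is_shell_link(data: bytes) -> bool:
    """True if data begins with a well-formed ShellLinkHeader."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    header_size, = struct.unpack_from("<I", data, 0)
    clsid = uuid.UUID(bytes_le=bytes(data[4:20]))
    return header_size == LNK_HEADER_SIZE and clsid == LNK_CLSID


def link_flags(data: bytes) -> int:
    """LinkFlags field at header offset 0x14."""
    return struct.unpack_from("<I", data, 0x14)[0]


def parse_id_list(data: bytes, offset: int) -> list:
    """Return the data of each ItemID in the LinkTargetIDList at offset."""
    id_list_size, = struct.unpack_from("<H", data, offset)
    pos, end = offset + 2, offset + 2 + id_list_size
    items = []
    while pos + 2 <= end and pos + 2 <= len(data):
        item_size, = struct.unpack_from("<H", data, pos)
        if item_size == 0:  # TerminalID closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("malformed ItemID")
        items.append(bytes(data[pos + 2:pos + item_size]))
        pos += item_size
    return items


def library_paths(item: bytes) -> list:
    """UTF-16LE library paths inside one ItemID, trying both byte alignments."""
    found = []
    for start in (0, 1):
        text = item[start:].decode("utf-16-le", errors="ignore")
        found.extend(LIBRARY_PATH.findall(text))
    return found


def scan_lnk(data: bytes) -> dict:
    """Summarise a shortcut: item count and any library targets it references."""
    if not is_shell_link(data):
        raise ValueError("not a Windows shell link")
    result = {"has_id_list": False, "items": 0, "suspicious": []}
    if link_flags(data) & HAS_LINK_TARGET_ID_LIST:
        items = parse_id_list(data, LNK_HEADER_SIZE)
        result["has_id_list"] = True
        result["items"] = len(items)
        for item in items:
            result["suspicious"].extend(library_paths(item))
    return result


def build_sample_lnk(item_payloads) -> bytes:
    """Constructed minimal .LNK: header plus a LinkTargetIDList, nothing else."""
    header = (struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID.bytes_le
              + struct.pack("<I", HAS_LINK_TARGET_ID_LIST))
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    id_list = b"".join(struct.pack("<H", len(p) + 2) + p for p in item_payloads)
    id_list += b"\x00\x00"  # TerminalID
    return header + struct.pack("<H", len(id_list)) + id_list


def _item(path: str) -> bytes:
    # Constructed ItemID: a type byte, the path in UTF-16LE, a null terminator.
    return b"\x31\x00" + path.encode("utf-16-le") + b"\x00\x00"


# Constructed samples: one ordinary document shortcut, one pointing at a DLL.
BENIGN_LNK = build_sample_lnk([_item(r"C:\Users\Public\notes.txt")])
SUSPICIOUS_LNK = build_sample_lnk([_item(r"E:\example.dll")])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        print(name, scan_lnk(blob))
```

The header check is what keeps such a scanner from being fooled by files that merely carry a `.lnk` extension, and walking the ItemID list rather than grepping the whole file keeps the heuristic tied to what the shell will actually interpret as the link target. A production signature would add the remaining header validation and far more context than a path suffix, but the shape of the check is the same.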

By analogy, an unpatched system with antivirus and intrusion prevention at the gateway is like a vaultless bank with police enforcement on the scene 24/7/365. There’s never one silver bullet to stop a threat through all of its vectors, but proper security practices combined with a serviced security solution that supports technologies such as antivirus and intrusion prevention are certainly a valid approach. FortiGuard Labs regularly adds protection through both antivirus and intrusion prevention for new vulnerabilities, and will continue to add definitions for vulnerabilities that affect Windows 2000 and XP.

Author bio: Derek Manky is FortiGuard Labs' senior security strategist and contributes to security research and development, while also acting as a bridge to the public forum on results and findings. He coordinates research team efforts and manages responsible disclosure, and industry collaboration efforts between Fortinet and other vendors.
