14 DAY TRIAL // Windows XP no longer receives updates since April 2014, but some organizations are only now planning to upgrade to a newer operating system.
India, for example, has issued a notice for all banks in the country requiring them to implement new security systems and eventually abandon Windows XP entirely by June 2019.
In the memo released last week, the Reserve Bank of India says that the transition off Windows XP has until now progressed slowly, so wants to see further migration efforts by mid-2019.
“The slow progress on the part of the banks in addressing these issues has been viewed seriously by the RBI. As you may appreciate, the vulnerability arising from the banks’ ATMs operating on unsupported version of operating system and non-implementation of other security measures, could potentially affect the interests of the banks’ customers adversely, apart from such occurrences, if any, impinging on the image of the bank,” it says.
Additional security methods
The first thing banks should do is implement additional security measures, like BIOS passwords and disabling USB ports by August this year. Banks are also required to apply the latest patches and disable auto-run on their ATMs in the next couple of months.
Then, by March 2019, all banks should secure ATMs with anti-skimming solutions and implement whitelisting filters to make sure that only allowed software runs. RBI wants at least 25 percent of the ATMs to be upgraded from Windows XP by September, while by December, the progress should reach 50 percent. By March, 75 percent of the cash machines must be on a newer operating system.
Windows XP has a 4 percent market share worldwide despite no longer getting any security fixes for more than 48 months. It was launched in 2001 and is considered to be one of the most successful products ever released by Microsoft.