As many have heard by now, Microsoft will be ending support for Windows XP on Tuesday, April 8th. On that day, Microsoft will release their last set of patches for the operating system. After that, any vulnerability that exists will exist forever. We expect to see attacks on vulnerabilities that Microsoft has not patched, or not known of, starting that afternoon putting machines running Windows XP at risk.
IT has been working with departments to migrate machines running Windows XP over to Windows 7, but there are still many machines on campus that have not been migrated. To mitigate the risks to the remaining Windows XP installations, IT will do the following on Monday, April 7th:
- Turn on the Windows XP firewall on all Windows XP machines in the Universities various domains blocking all incoming connections but allowing the machine to be used as normal otherwise. This will not impede the user of the machine from browsing the web or any other activity, it will only affect other machines being able to initiate a connection to the Windows XP machine.
- Put a firewall rule in place to allow remote desktop connections to the machines as long as the user is logged in to the VPN server (vpn.mtu.edu) and has chosen the “Get an MTU address” option. This includes remote desktop connections coming from other areas on campus which have been allowed without a VPN connection previously.
- Anti-virus software has been installed on all domain machines and will continue to be updated to protect against known attack.
For our users, your machine should only be at minimal risk after these changes with the exception of your web browser of choice. We ask that users on Windows XP machines do not use Internet Explorer as it will remain vulnerable. Both Firefox and Chrome will continue to be updated to correct future vulnerabilities.
If we discover a Windows XP machine on the network that has been compromised and is attacking other machines, we will follow our normal procedure of temporarily taking the machine off from the network, but instead of cleaning it, it will be rebuilt with Windows 7. If you believe that your machine may be infected, please contact IT User Services as soon as possible.
If you have a University owned machine that is still running Windows XP, please contact User Services at email@example.com or 7-1111 to schedule a time for your machine to be transitioned to Windows 7.
For home users still running Windows XP you can add similar protection to your machine to help extend its life, but the machine should be updated as soon as possible. You should do the following:
- Make sure you have the Windows Firewall turned on from the control panel. Though important, many home routers will already offer you most of this protection, even if it’s turned off.
- Avoid using a Windows XP laptop on a public wireless system unless you have turned on the firewall, as your home router will not be of assistance.
- Make sure you are running an up-to-date anti-virus program. AVG is available for free to users at http://free.avg.com.
- Upgrade your system to version Windows 7 or later as soon as you can.
We’ve launched a Google Site with more information on the end of Windows XP (https://sites.google.com/a/mtu.edu/itss-winxp-transition/). If you have any questions or concerns regarding the transition to Windows 7 or about an existing Windows XP installation, please contact User Services.