This is what we know will happen April 8th, 2014.
- All patches for Windows XP will cease on this final Patch Tuesday.
- One last release of patches will be made before the spigot on security patches is turned off for Windows XP.
- The remaining 15-25% of the world still running on Windows XP will no longer be secure from this day forward.
Now I had a horrible thought the other day about this scenario. What if, on April 8th, 2014, the following hypothetical scenario occurs:
- Microsoft turns out to be aware of more bugs in their products than they can patch, and thus they patch opportunistically based on the level of the threat & the imminence of danger. On April 8th, anything remaining goes unpatched.
- Having known about April 8th, 2014 for a while, “Black Hats” release malware (viruses, trojans, browser flaws, etc.) that they’ve been saving specifically for this date, knowing that their flaws will not be fixed.
- Antivirus & traditional threat detection is rendered moot. Primary attack vectors turn out to be the quickest, most difficult-to-prevent means of infection, such as browsing a web page with a JavaScript threat… or possibly the means with the widest reach on day one: the executable email attachment.
- To sustain the threat as long as possible, polymorphism will be the default, in an attempt to blunt the protection offered by rapid ‘zero-day’ virus definition updates, knowing that antivirus agents are the only protection XP systems have.
- Compromised workstations are zombied to initiate infections remotely to peer workstations on the same LAN segments. Network traffic increases to astronomical congestive levels from beaconing infected workstations.
- Even if patches were available, networks without managed QoS find themselves unable to emergency patch PCs due to overwhelming traffic.
- Antivirus companies are swamped with 911 calls to update definitions. Response times for analysis are slowed to a crawl.
Again, “what if” in the aftermath:
- Organizations that have not moved off Windows XP and have no Microsoft Custom Support agreement scour the web for ‘renegade’ fixes written by independent organizations. Illicit public domain patches become the easiest way for blackhats to implement other threats at an administrative level.
- Meetings are held to estimate the costs of a Windows XP custom support agreement for customers with Premier Support in place that are eligible for CSAs. Costs for support exceed the cost of simply upgrading Windows XP.
- Business grinds to a halt for organizations with infected Windows XP PCs. Manual PC-to-PC remediation is found to be, at least initially, the only way to reduce traffic until desktop management software can be effective again.
- Body shops are called in to assist. Overnight, round-the-clock shifts are taken to mitigate the threats as they come.
- Security engagements with white hat/cybersecurity teams skyrocket to investigate more complex threat penetration to key systems such as Domain Controllers.
- Reports… lots of reports, status, CYA documentation… must be written.
And while the Business section of the newspaper reports the impact to the world, companies with IT depts that migrated off Windows XP look on with a sense of relief.
