Microsoft Windows Operating System XP Embedded Approaching End of Life

An Issue You Will Need to Deal With Sooner Rather Than Later – Microsoft Windows XP Embedded’s End of Life is in January.

XP Embedded, the workhorse of the modern Point of Sale age, is going away. After a run of more than 14 years, extended support for the product is ending. The reason? Microsoft will no longer address vulnerabilities in older encryption protocols such as TLS 1, as it cannot bring them up to new standards on Windows XP based operating systems. This will essentially render all systems running the XP operating system non-PCI compliant effective January 13, 2016.

Included in this group are:

  • Microsoft Windows Embedded XP

Not updating your POS system to a compliant operating system will put your POS environment in violation of PCI compliance in at least 3 areas (quoted from PCI DSS v3: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf):

  • “6.2 Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.”
  • “11.2.1 Perform quarterly internal vulnerability scans and rescans as needed, until all “high-risk” vulnerabilities (as identified in Requirement 6.1) are resolved.”
  • “11.3.3 Exploitable vulnerabilities found during penetration testing are corrected and testing is repeated to verify the corrections.”

This means that if you are running a POS system with Windows XP, you have to do something now. Please contact us (http://www.rdspos.com) for an assessment of whether your environment is at risk.

By Patrick Solum
