Microsoft extends Windows XP anti-malware support as security issue looms over cash machines running the old OS

Limited anti-malware support to continue for Windows XP as banks rush to upgrade cash machines running the aging operating system

Software giant Microsoft has pledged to continue providing anti-malware support for its 12-year-old client operating system Windows XP after the revelation that discontinuing support in April could leave cash machines around the world vulnerable.

In a blog post, the company asserted that while the cessation of support for the operating system will remain 8 April 2014, it will continue to update is anti-malware signatures and engine for users until 14 July 2015.

The stay of execution was announced as it was revealed that 95 per cent of cash machines around the world run on Windows XP CE, with just 15 per cent likely to be upgraded before the April deadline. Given the age of the hardware that those cash machines will be using, to upgrade them to a more modern Windows operating system may require wholesale hardware upgrades too.

However, a failure to upgrade the machines will leave them wide open to attack. In a recent spate of attacks on cash machines in Europe, a high-tech criminal gang has been using USB sticks to infect cash machines with malware, enabling them to empty the machines of their money while leaving behind few clues.

In a remarkable failure of security, not only do some designs of cash machine feature USB ports, but they can even be booted from a USB stick - enabling attackers to take control of them.

The attacks were reported by two German researchers, who preferred to remain anonymous, but who claim to have discovered a number of such attacks during 2013. The machines' casing had been cut into precisely where its hidden USB sockets could be found - indicating that the attackers had sophisticated knowledge not just of Windows XP flaws that could be exploited, but also where and how to find the USB sockets on the cash machine.

They claim that analysis of the disk image of one of the cash machines affected revealed that the hackers had been able to plug in a USB stick to one of the device's USB sockets, utilising the operating system's default auto-run option to make it execute malware, thereby enabling them to take over the machine.