Government PCs at risk of being hacked as Windows XP support ends

Government isn't renewing its £5.5m support deal with Microsoft, leaving departments having to seek support themselves

Thousands of government PCs are at risk of being hacked as a result of the ending of the Government Digital Service's contract with Microsoft for Windows XP support.

Windows XP is 14 years old, and support for the operating system expired in April 2014. But some organisations had signed deals with Microsoft to provide support and security updates for a further 12 months. The Crown Commercial Service was one of those, penning a £5.5m deal last year to ensure government departments were supported as they migrated to newer versions of the operating system such as Windows 7 and 8.

But the Office of the Chief Technology Officer told the Guardian that GDS has decided not to extend that support.

"Technology leaders met last month and took a collective decision to not extend the support arrangement for 2015. The current support agreement ended in April 2015," it said.

This will leave many departments at risk of attacks as Windows XP PCs will not be patched or have bugs fixed.

The Crown Commercial Service suggested that its deal with Microsoft last year had saved the government £20m, as it covered the whole of the public sector rather than that being left to individual departments. But the fact that they haven't renewed the contract could leave many departments having to seek support from Microsoft on their own.

The Metropolitan Police Service (MPS) is one of those, with freedom of information requests revealing that is still using Windows XP on over 35,000 desktop and laptop computers.

A spokesperson from MPS told Computing last month that it had an active upgrade programme to move users onto the latest Windows 8.1 operating system, but was indeed in talks with Microsoft to extend support for Windows XP.

"The MPS has requested a direct option with Microsoft to continue a custom support agreement for Windows XP for the next 12 months. This is currently being negotiated directly with Microsoft," the spokesperson said.

The government has advised departments that are not up-to-date to follow its "obsolete platforms security guidance".

"It is vital that all organisations only use software products which are supported by the vendor, and that plans be made to migrate from older products as the end of support period is reached," the guidance, released last month, advises.

And departments are unlikely to be able to rest easy once they have migrated to Windows 7 or 8, as Microsoft is discontinuing support for Windows Server 2003 in July.