End of XP support and arrival of new Windows Server 2012 should prompt security evaluation in the face of growing APT threat

Leading security expert debuts new SANS Securing Windows and Resisting Malware course in Amsterdam this April

  • United Kingdom
  • 2nd April, 2013

In April of 2014, Microsoft will stop releasing any new security patches for Windows XP. "Like it or not, migrating off Windows XP is no longer optional, the clock is counting down", says Jason Fossen, principal security consultant at Enclave Consulting LLC, published author and a noted public speaker on Microsoft security issues.

"Hackers are still actively looking for vulnerabilities within the older operating systems. As of April 2014, Microsoft will no longer release any new security patches for Windows XP," explains Fossen. "Roughly half of all business and government computers are still running Windows XP, and the time is running out before XP’s end of life. XP vulnerabilities published after April of 2014 will be very valuable to hackers and malware designers."

Fossen believes that older operating systems and unpatched application software such as Adobe Reader and Java are instrumental in the rise of the Advanced Persistent Threat (APT). The expert points to the recent report from Mandiant on APT1, an organised group which it links to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398).

According to Mandiant's research, since 2006 APT1 has conducted economic espionage against 141 victims across multiple industries. The report also highlights 40 APT1 malware families that have been used in attacks. "APT attacks will exploit Microsoft operating systems and securing Windows is absolutely critical in reducing the risk of APT," says Fossen.

Fossen stresses that the issue is not entirely the fault of Microsoft, as all operating systems eventually need to be decommissioned. However, organisations often underestimate the security risk of waiting till the last moment to migrate and cannot migrate sooner or more quickly because of budget constraints. "Newer versions of Windows provide features that help resist APT but only if correctly configured and deployed and many organisations still lack the knowledge to utilise these features in a coherent fashion," Fossen adds.

Fossen will be teaching the new SANS SEC505: Securing Windows and Resisting Malware course, which will be making its European debut at SANS Secure Europe 2013. The SANS instructor has spent several months updating the course syllabus to reflect the arrival of new operating systems, but highlights the end of life for previous versions as a much more worrying event.

This course teaches the most important things to do to secure Windows and how to minimize the impact of these changes on users. It combines hands-on demonstrations with step-by-step exercises and offers preparation for the GIAC Certified Windows Security Administrator (GCWN) certification exam.

"As we live within a world where Advanced Persistent Threat malware is now commonplace, unsupported and vulnerable operating systems residing within a seemingly secure environment can become a breeding ground for APT. Organisations need to develop a migration strategy to get off Windows XP before April of 2014, not after."

The Securing Windows and Resisting Malware course is fully updated for Windows Server 2012, Windows 8, Server 2008-R2, and Windows 7.

SANS Secure Europe 2013, mainland Europe's largest InfoSec training event, will be returning to Amsterdam's Radisson Blu Hotel from 15th to 27th of April 2013 with a roster of eight essential training courses plus free evening talks, networking opportunities and a NetWars session. For more information about the training event including course overviews and GIAC Certification, or to register, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.