SlideShare a Scribd company logo

Windows xp/7 - What can we do ?

Download as PPTX, PDF
A
Antonio Bartolozzi

“One in three NHS computers still running Windows 7 and Thousands of NHS computers are still running Windows XP” – What can we do ?

Software
1 of 18
1 How to (try to) Keep your Windows XP/7 Machines more Secure Antonio Bartolozzi antonio.bartolozzi@bartolozzi.it Grosseto 5/12/2019 “Thousands of NHS computers are still running Windows XP ” “One in three NHS computers still running Windows 7” Microsoft ended support for Windows 7 in January 2020 and for Windows XP in April of 2014.
2antonio.bartolozzi@bartolozzi.it Windows XP Windows XP is still used by millions of people (also healthcare organizations) in different parts of the world. As per market share goes, Windows XP has (more or less ) 4% market share. Microsoft has ended support for Windows XP back in April of 2014. “The NHS still has over 2,000 machines running Windows XP” 16 July 2019 - infosecurity-magazine.com https://www.infosecurity-magazine.com/news/nhs-still-running-2000-xp-computers/
3antonio.bartolozzi@bartolozzi.it Windows 7 Although the end of life for Windows 7/XP has been a well- known fact, according to web analytics the actual usage of Windows 7 has not rapidly decreased. The market share for Windows 7 increased over January 2019 from 36.9 percent to 37.19 percent. As of December 2019, Windows: • 10 has a 40.9% market share. • 7 has a 37.2% market share. • XP has a market share of 2.76%. On January 14 2020, users of Windows 7 (currently on “extended support”) received the same treatment as users of Windows XP and other earlier versions of Windows, the end of Microsoft update support. That means users will no longer receive security updates for the Windows security applications. Among other things, this means that the anti-virus protection in Windows 7 will no longer be upgraded.
4antonio.bartolozzi@bartolozzi.it What can I do ? 1. Install an updated Antivirus and a strong Firewall 2. Regularly scan Windows XP/7 systems (remember that there are a lot of Windows XP Embedded systems) 3. Take Advantage of Available XP Security Patch
5antonio.bartolozzi@bartolozzi.it Use Always antivirus and Firewall Use updated Antivirus Old (but strong) firewall version is better than nothing
6antonio.bartolozzi@bartolozzi.it Firewall A strong Firewall can block dangerous connections from the internet : it helps but does not completly solve the problem.
7antonio.bartolozzi@bartolozzi.it How to find vulnerabilities in Windows XP/7 • Use PC as a scan systems with a nmap application • Find patches for vulnerabilities • Install patches Follow MY  instructions, see next slides.
8antonio.bartolozzi@bartolozzi.it Check Your System with a Scanning Engine https://nmap.org/download.html Download latest stable release self-installer: nmap-7.80- setup.exe Install Nmap Applicartion Install NMAP in a laptop PC: you will use it to scan Windows XP/7 System via network
9antonio.bartolozzi@bartolozzi.it How to Find Your PC's IP Address in Windows XP/7 Use ipconfig via CMD (Start -> Run -> CMD) IP Address
10antonio.bartolozzi@bartolozzi.it How to scan a Windows XP/7 System 192.168.133.140 nmap --script vuln Use detected IP Address Insert the following command Click scan button 1 2 3
11antonio.bartolozzi@bartolozzi.it Click Scan and … HORROR Your system is vulnareble ! Use Vulnerability code
12antonio.bartolozzi@bartolozzi.it Embedded systems You can use this producedure to also find vulnerabilities on embedded devices e.g. medical devices with a XP Windows operating system. Do not attempt to solve the problem on medical devices. Test the medical devices in a test environment : Don't run security tests in a production environment. Critical vulnerabilities have been identified in GE Healthcare patient monitoring products by a security researcher at CyberMDX CVE-2020-6963 (CVSS 10.0) concerns the use of hard-coded Server Message Block (SMB) credentials (CWE-798). An attacker could establish an SMB connection and read or write files on the system. The credentials could be obtained through the password recovery utility of the Windows XP Embedded operating system.
13antonio.bartolozzi@bartolozzi.it Find the patch "ms17-010" "Windows XP" Microsoft
14antonio.bartolozzi@bartolozzi.it Download Security Update for Windows XP SP3 (KB4012598) Vulnerability ID ms17-010
15antonio.bartolozzi@bartolozzi.it Run as Administrator RUN AS ADMINSTRATOR
16antonio.bartolozzi@bartolozzi.it Install OS Patch 1 2 3 4
17antonio.bartolozzi@bartolozzi.it After reboot, re-scan SCAN AGAIN NO MORE VULNERABILITIES
18antonio.bartolozzi@bartolozzi.it CONCLUSIONS • You can regularly use tools to identify and fix vulnerabilities so the system is more secure • Do not use Windows XP/7 PC with vulnerabilities • However, Please, stop using Windows XP systems as soon as possible! • Microsoft offers extended security update (ESU) support for Windows 7 (Professional or Enterprise versions only). Buy extended support or stop using Windows 7 systems as soon as possible!

Recommended

Bi-dimensional risk analysis - safety&security -software medical device
Bi-dimensional risk analysis - safety&security -software medical device Bi-dimensional risk analysis - safety&security -software medical device
Bi-dimensional risk analysis - safety&security -software medical device
Antonio Bartolozzi
 
MDR- Significant changes in the design and intended purpose
MDR- Significant changes in the design and intended purposeMDR- Significant changes in the design and intended purpose
MDR- Significant changes in the design and intended purpose
Antonio Bartolozzi
 
Review Mdcg 2019-11 guidance on qualification and classification of software
Review Mdcg 2019-11 guidance on qualification and classification of software Review Mdcg 2019-11 guidance on qualification and classification of software
Review Mdcg 2019-11 guidance on qualification and classification of software
Antonio Bartolozzi
 
MDCG 2020 Guidance on significant changes- Review, problems and tips
MDCG 2020 Guidance on significant changes- Review, problems and tipsMDCG 2020 Guidance on significant changes- Review, problems and tips
MDCG 2020 Guidance on significant changes- Review, problems and tips
Antonio Bartolozzi
 
Mdcg 2019 11 guidance on qualification and classification of software mdr-ivdr
Mdcg 2019 11 guidance on qualification and classification of software mdr-ivdrMdcg 2019 11 guidance on qualification and classification of software mdr-ivdr
Mdcg 2019 11 guidance on qualification and classification of software mdr-ivdr
Antonio Bartolozzi
 
Clinical investigations - Intended Normal condition of use
Clinical investigations - Intended Normal condition of use Clinical investigations - Intended Normal condition of use
Clinical investigations - Intended Normal condition of use
Antonio Bartolozzi
 
Medical Risk Management
Medical Risk ManagementMedical Risk Management
Medical Risk Management
Intland Software GmbH
 
What You Need to Know About Medical Electrical Standards Updates (and how the...
What You Need to Know About Medical Electrical Standards Updates (and how the...What You Need to Know About Medical Electrical Standards Updates (and how the...
What You Need to Know About Medical Electrical Standards Updates (and how the...
Greenlight Guru
 

Recommended

Bi-dimensional risk analysis - safety&security -software medical device
Bi-dimensional risk analysis - safety&security -software medical device Bi-dimensional risk analysis - safety&security -software medical device
Bi-dimensional risk analysis - safety&security -software medical device
Antonio Bartolozzi
 
MDR- Significant changes in the design and intended purpose
MDR- Significant changes in the design and intended purposeMDR- Significant changes in the design and intended purpose
MDR- Significant changes in the design and intended purpose
Antonio Bartolozzi
 
Review Mdcg 2019-11 guidance on qualification and classification of software
Review Mdcg 2019-11 guidance on qualification and classification of software Review Mdcg 2019-11 guidance on qualification and classification of software
Review Mdcg 2019-11 guidance on qualification and classification of software
Antonio Bartolozzi
 
MDCG 2020 Guidance on significant changes- Review, problems and tips
MDCG 2020 Guidance on significant changes- Review, problems and tipsMDCG 2020 Guidance on significant changes- Review, problems and tips
MDCG 2020 Guidance on significant changes- Review, problems and tips
Antonio Bartolozzi
 
Mdcg 2019 11 guidance on qualification and classification of software mdr-ivdr
Mdcg 2019 11 guidance on qualification and classification of software mdr-ivdrMdcg 2019 11 guidance on qualification and classification of software mdr-ivdr
Mdcg 2019 11 guidance on qualification and classification of software mdr-ivdr
Antonio Bartolozzi
 
Clinical investigations - Intended Normal condition of use
Clinical investigations - Intended Normal condition of use Clinical investigations - Intended Normal condition of use
Clinical investigations - Intended Normal condition of use
Antonio Bartolozzi
 
Medical Risk Management
Medical Risk ManagementMedical Risk Management
Medical Risk Management
Intland Software GmbH
 
What You Need to Know About Medical Electrical Standards Updates (and how the...
What You Need to Know About Medical Electrical Standards Updates (and how the...What You Need to Know About Medical Electrical Standards Updates (and how the...
What You Need to Know About Medical Electrical Standards Updates (and how the...
Greenlight Guru
 
Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
Sheersha Pramanik 🇮🇳
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Donald E. Hester
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleUnderstanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Donald E. Hester
 
The Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDThe Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMD
Janel Heilbrunn
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
timmcguinness
 
Security
SecuritySecurity
Security
a1aass
 
Process Safety Life Cycle Management: Best Practices and Processes
Process Safety Life Cycle Management: Best Practices and ProcessesProcess Safety Life Cycle Management: Best Practices and Processes
Process Safety Life Cycle Management: Best Practices and Processes
Md Rahaman
 
Security life cycle
Security life cycleSecurity life cycle
Security life cycle
Juan Perez
 
EN ISO 14971 - Transitioning to 2009 version
EN ISO 14971 - Transitioning to 2009 versionEN ISO 14971 - Transitioning to 2009 version
EN ISO 14971 - Transitioning to 2009 version
MedTech Review, LLC
 
Presentation: TGA - Software inspections and therapeutic goods
Presentation: TGA - Software inspections and therapeutic goodsPresentation: TGA - Software inspections and therapeutic goods
Presentation: TGA - Software inspections and therapeutic goods
TGA Australia
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
William McBorrough
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
danphilpott
 
Rule 11 and imdrf ue 2017 745 v06
Rule 11 and imdrf ue 2017 745 v06Rule 11 and imdrf ue 2017 745 v06
Rule 11 and imdrf ue 2017 745 v06
Antonio Bartolozzi
 
IS audit checklist
IS audit checklistIS audit checklist
IS audit checklist
iFour Consultancy Services
 
Purpose of Embedded Systems
Purpose of Embedded Systems Purpose of Embedded Systems
Purpose of Embedded Systems
VijayKumar5738
 
Solving the CIO’s Cybersecurity Dilemma
Solving the CIO’s Cybersecurity DilemmaSolving the CIO’s Cybersecurity Dilemma
Solving the CIO’s Cybersecurity Dilemma
John Gilligan
 
Scope of work IT DD
Scope of work IT DDScope of work IT DD
Scope of work IT DD
Ivan Piskunov
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
VISTA InfoSec
 
Security testing
Security testingSecurity testing
Security testing
Maheshwar Kanitkar
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
Lisa Niles
 
Information security for health practitioners
Information security for health practitionersInformation security for health practitioners
Information security for health practitioners
Danny Doobay
 
Esetna wp windows8-fud
Esetna wp windows8-fudEsetna wp windows8-fud
Esetna wp windows8-fud
Anatoliy Tkachev
 

More Related Content

What's hot

Security life cycle
Security life cycleSecurity life cycle
Security life cycle
Juan Perez
 
Presentation: TGA - Software inspections and therapeutic goods
Presentation: TGA - Software inspections and therapeutic goodsPresentation: TGA - Software inspections and therapeutic goods
Presentation: TGA - Software inspections and therapeutic goods
TGA Australia
 

What's hot (20)

Cybersecurity in Medical Devices
Cybersecurity in Medical DevicesCybersecurity in Medical Devices
Cybersecurity in Medical Devices
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
Understanding the Risk Management Framework & (ISC)2 CAP Module 13: Contingen...
 
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life CycleUnderstanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
Understanding the Risk Management Framework & (ISC)2 CAP Module 4: Life Cycle
 
The Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMDThe Future of Quality and Regulatory for SaMD
The Future of Quality and Regulatory for SaMD
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
 
Security
SecuritySecurity
Security
 
Process Safety Life Cycle Management: Best Practices and Processes
Process Safety Life Cycle Management: Best Practices and ProcessesProcess Safety Life Cycle Management: Best Practices and Processes
Process Safety Life Cycle Management: Best Practices and Processes
 
Security life cycle
Security life cycleSecurity life cycle
Security life cycle
 
EN ISO 14971 - Transitioning to 2009 version
EN ISO 14971 - Transitioning to 2009 versionEN ISO 14971 - Transitioning to 2009 version
EN ISO 14971 - Transitioning to 2009 version
 
Presentation: TGA - Software inspections and therapeutic goods
Presentation: TGA - Software inspections and therapeutic goodsPresentation: TGA - Software inspections and therapeutic goods
Presentation: TGA - Software inspections and therapeutic goods
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
 
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk ManagementFISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management
 
Rule 11 and imdrf ue 2017 745 v06
Rule 11 and imdrf ue 2017 745 v06Rule 11 and imdrf ue 2017 745 v06
Rule 11 and imdrf ue 2017 745 v06
 
IS audit checklist
IS audit checklistIS audit checklist
IS audit checklist
 
Purpose of Embedded Systems
Purpose of Embedded Systems Purpose of Embedded Systems
Purpose of Embedded Systems
 
Solving the CIO’s Cybersecurity Dilemma
Solving the CIO’s Cybersecurity DilemmaSolving the CIO’s Cybersecurity Dilemma
Solving the CIO’s Cybersecurity Dilemma
 
Scope of work IT DD
Scope of work IT DDScope of work IT DD
Scope of work IT DD
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
 
Security testing
Security testingSecurity testing
Security testing
 
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
SynerComm's Tech TV series CIS Top 20 Critical Security Controls #3
 

Similar to Windows xp/7 - What can we do ?

Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docxMeltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
roushhsiu
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systems
Sejahtera Affif
 
Windows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password resetWindows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password reset
Passreset
 
La1 information and communication technology and society
La1 information and communication technology and societyLa1 information and communication technology and society
La1 information and communication technology and society
Azmiah Mahmud
 
Learning area 1_-_information_and_communication_technology_and_society
Learning area 1_-_information_and_communication_technology_and_societyLearning area 1_-_information_and_communication_technology_and_society
Learning area 1_-_information_and_communication_technology_and_society
Saktis Kesavan
 
Learning area 1 information and communication technology and society
Learning area 1 information and communication technology and societyLearning area 1 information and communication technology and society
Learning area 1 information and communication technology and society
Shuren Lew
 

Similar to Windows xp/7 - What can we do ? (20)

Information security for health practitioners
Information security for health practitionersInformation security for health practitioners
Information security for health practitioners
 
Esetna wp windows8-fud
Esetna wp windows8-fudEsetna wp windows8-fud
Esetna wp windows8-fud
 
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docxMeltdown and Spectre Haunt the World’s Computers”In early Janua.docx
Meltdown and Spectre Haunt the World’s Computers”In early Janua.docx
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systems
 
10 security enhancements
10 security enhancements10 security enhancements
10 security enhancements
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020Ivanti Patch Tuesday for April 2020
Ivanti Patch Tuesday for April 2020
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
 
Windows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password resetWindows 7 Security--Windows 7 password reset
Windows 7 Security--Windows 7 password reset
 
January Patch Tuesday 2019
January Patch Tuesday 2019January Patch Tuesday 2019
January Patch Tuesday 2019
 
Ivanti May 2020 Patch Tuesday
Ivanti May 2020 Patch TuesdayIvanti May 2020 Patch Tuesday
Ivanti May 2020 Patch Tuesday
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019Ivanti Patch Tuesday for December 2019
Ivanti Patch Tuesday for December 2019
 
Patch Tuesday August 2020
Patch Tuesday August 2020 Patch Tuesday August 2020
Patch Tuesday August 2020
 
La1 information and communication technology and society
La1 information and communication technology and societyLa1 information and communication technology and society
La1 information and communication technology and society
 
Learning area 1_-_information_and_communication_technology_and_society
Learning area 1_-_information_and_communication_technology_and_societyLearning area 1_-_information_and_communication_technology_and_society
Learning area 1_-_information_and_communication_technology_and_society
 
Learning area 1 information and communication technology and society
Learning area 1 information and communication technology and societyLearning area 1 information and communication technology and society
Learning area 1 information and communication technology and society
 
Windows Vista Security
Windows Vista SecurityWindows Vista Security
Windows Vista Security
 
Windows7sins
Windows7sinsWindows7sins
Windows7sins
 
Conficker
ConfickerConficker
Conficker
 

More from Antonio Bartolozzi

More from Antonio Bartolozzi (6)

Automatically Convert Oracle Forms Code to Delphi Code
Automatically Convert Oracle Forms Code to Delphi CodeAutomatically Convert Oracle Forms Code to Delphi Code
Automatically Convert Oracle Forms Code to Delphi Code
 
Lesson 2 - convert a real application (Oracle Form => Delphi)
Lesson 2 - convert a real application (Oracle Form => Delphi)Lesson 2 - convert a real application (Oracle Form => Delphi)
Lesson 2 - convert a real application (Oracle Form => Delphi)
 
Lesson1-How to migrate your Forms code and build HTM5 APP
Lesson1-How to migrate your Forms code and build HTM5 APPLesson1-How to migrate your Forms code and build HTM5 APP
Lesson1-How to migrate your Forms code and build HTM5 APP
 
mdcg 2019 11 Decision steps for qualification of software as MDSW
mdcg 2019 11 Decision steps for qualification of software as MDSWmdcg 2019 11 Decision steps for qualification of software as MDSW
mdcg 2019 11 Decision steps for qualification of software as MDSW
 
Rule 11 vs Rule 10 UE 2017-745 v01
Rule 11 vs Rule 10 UE 2017-745 v01Rule 11 vs Rule 10 UE 2017-745 v01
Rule 11 vs Rule 10 UE 2017-745 v01
 
EU 2017/745 Rule 11 (re)interpretation
EU 2017/745 Rule 11 (re)interpretation EU 2017/745 Rule 11 (re)interpretation
EU 2017/745 Rule 11 (re)interpretation
 

Recently uploaded

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Nitya salvi
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 

Recently uploaded (20)

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 

Windows xp/7 - What can we do ?

  • 1. 1 How to (try to) Keep your Windows XP/7 Machines more Secure Antonio Bartolozzi antonio.bartolozzi@bartolozzi.it Grosseto 5/12/2019 “Thousands of NHS computers are still running Windows XP ” “One in three NHS computers still running Windows 7” Microsoft ended support for Windows 7 in January 2020 and for Windows XP in April of 2014.
  • 2. 2antonio.bartolozzi@bartolozzi.it Windows XP Windows XP is still used by millions of people (also healthcare organizations) in different parts of the world. As per market share goes, Windows XP has (more or less ) 4% market share. Microsoft has ended support for Windows XP back in April of 2014. “The NHS still has over 2,000 machines running Windows XP” 16 July 2019 - infosecurity-magazine.com https://www.infosecurity-magazine.com/news/nhs-still-running-2000-xp-computers/
  • 3. 3antonio.bartolozzi@bartolozzi.it Windows 7 Although the end of life for Windows 7/XP has been a well- known fact, according to web analytics the actual usage of Windows 7 has not rapidly decreased. The market share for Windows 7 increased over January 2019 from 36.9 percent to 37.19 percent. As of December 2019, Windows: • 10 has a 40.9% market share. • 7 has a 37.2% market share. • XP has a market share of 2.76%. On January 14 2020, users of Windows 7 (currently on “extended support”) received the same treatment as users of Windows XP and other earlier versions of Windows, the end of Microsoft update support. That means users will no longer receive security updates for the Windows security applications. Among other things, this means that the anti-virus protection in Windows 7 will no longer be upgraded.
  • 4. 4antonio.bartolozzi@bartolozzi.it What can I do ? 1. Install an updated Antivirus and a strong Firewall 2. Regularly scan Windows XP/7 systems (remember that there are a lot of Windows XP Embedded systems) 3. Take Advantage of Available XP Security Patch
  • 5. 5antonio.bartolozzi@bartolozzi.it Use Always antivirus and Firewall Use updated Antivirus Old (but strong) firewall version is better than nothing
  • 6. 6antonio.bartolozzi@bartolozzi.it Firewall A strong Firewall can block dangerous connections from the internet : it helps but does not completly solve the problem.
  • 7. 7antonio.bartolozzi@bartolozzi.it How to find vulnerabilities in Windows XP/7 • Use PC as a scan systems with a nmap application • Find patches for vulnerabilities • Install patches Follow MY  instructions, see next slides.
  • 8. 8antonio.bartolozzi@bartolozzi.it Check Your System with a Scanning Engine https://nmap.org/download.html Download latest stable release self-installer: nmap-7.80- setup.exe Install Nmap Applicartion Install NMAP in a laptop PC: you will use it to scan Windows XP/7 System via network
  • 9. 9antonio.bartolozzi@bartolozzi.it How to Find Your PC's IP Address in Windows XP/7 Use ipconfig via CMD (Start -> Run -> CMD) IP Address
  • 10. 10antonio.bartolozzi@bartolozzi.it How to scan a Windows XP/7 System 192.168.133.140 nmap --script vuln Use detected IP Address Insert the following command Click scan button 1 2 3
  • 11. 11antonio.bartolozzi@bartolozzi.it Click Scan and … HORROR Your system is vulnareble ! Use Vulnerability code
  • 12. 12antonio.bartolozzi@bartolozzi.it Embedded systems You can use this producedure to also find vulnerabilities on embedded devices e.g. medical devices with a XP Windows operating system. Do not attempt to solve the problem on medical devices. Test the medical devices in a test environment : Don't run security tests in a production environment. Critical vulnerabilities have been identified in GE Healthcare patient monitoring products by a security researcher at CyberMDX CVE-2020-6963 (CVSS 10.0) concerns the use of hard-coded Server Message Block (SMB) credentials (CWE-798). An attacker could establish an SMB connection and read or write files on the system. The credentials could be obtained through the password recovery utility of the Windows XP Embedded operating system.
  • 14. 14antonio.bartolozzi@bartolozzi.it Download Security Update for Windows XP SP3 (KB4012598) Vulnerability ID ms17-010
  • 18. 18antonio.bartolozzi@bartolozzi.it CONCLUSIONS • You can regularly use tools to identify and fix vulnerabilities so the system is more secure • Do not use Windows XP/7 PC with vulnerabilities • However, Please, stop using Windows XP systems as soon as possible! • Microsoft offers extended security update (ESU) support for Windows 7 (Professional or Enterprise versions only). Buy extended support or stop using Windows 7 systems as soon as possible!