More than half of London's Metropolitan Police's PCs still run the outdated Windows XP operating system, which was the subject of emergency patches to address critical hacking attacks, new figures reveal.
The force still runs 18,293 XP machines after Microsoft retired the operating system from software updates in 2014, and has updated just 14,450 to Windows 8, and a paltry eight machines to Redmond's latest OS, Windows 10.
The information was uncovered by London Assembly member Steve O'Connell, who also acts as the Greater London Authority Conservatives' spokesman for policing and crime, through a written query to Mayor of London Sadiq Khan.
"The recent cyber attacks on Parliament and the NHS show what a serious matter this is," O'Connell said. "The Met is working towards upgrading its software but in its current state it's like a fish swimming in a pool of sharks."
While Microsoft stopped issuing patches for XP three years ago, the WannaCry ransomware attackin Maythat affected NHS trusts amid other targets led the firm to push out emergency fixes to XP too, even though most NHS computers were running Windows 7.
"The recent patch issued by Microsoft and the ICO audit [of Met data protection compliance that criticised the force's use of XP] shows there is significant industry concern," O'Connell added. "It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber attack with nationwide security implications."
Continued use of XP has been widely criticised by security experts as well as by the ICO, which warned that the Met's failure to upgrade meant that the secure handling of personal data could be put at risk.
In 2015 the Met was still running XP on 35,000 computers, and interim CTO Stephen Deakin toldIT Pro that he was busy migrating mission-critical applications to Windows 8.1, from which the Met could make the jump to Windows 10, which clearly hasn't happened yet.
A 5.5 million custom support deal struck between the government and Microsoft for an extra year of support for public bodies running XP ended without being renewed, and IT Pro has asked the Met whether it has another support deal in place.
However, while the force has been making efforts to upgrade its IT estate, those upgrades could soon be outdated themselves.
Windows 8.1 reaches end-of-life in January of next year, meaning that Microsoft will cease issuing security updates, critical patches and bug fixes for the software. Unless the Met has purchased an Extended Support contract with the tech giant, its 'upgraded' PCs could be just as vulnerable as its XP-based computers in less than six months.
The Met is evidently not alone, however; a recent survey from Spiceworks revealed that more than half of businesses are running at least one instance of Windows XP within their organisation, with almost 70% of IT professionals citing a lack of future security patches as their biggest concern about using unsupported operating systems.
Patching's importance was underlined by another global ransomware outbreak currently underway in the form of Petya, which takes advantage of a Windows exploit that has been patched, but not everyone has updated their software to include the fix.
