WHITE

CERT Australia 2013-33 Update A: Upcoming end of support for Microsoft Windows XP SP3 and Microsoft Office 2003

Abstract

--------------------------- Begin Update A ------------------------------
Microsoft will end support for Microsoft Windows XP Service Pack 3 (SP3) and Microsoft Office 2003 on 8 April 2014.
--------------------------- End Update A ---------------------------------

CERT Australia encourages partners to upgrade from these versions of Windows and Office, and highlights the security risks and business impact of continuing to run unsupported operating systems and applications.

This document remains the property of the Australian Government. The information contained in this document is for the use of the intended recipient only and may contain confidential or privileged information. If this document has been received in error, that error does not constitute a waiver of any confidentiality, privilege or copyright in respect of this document or the information it contains. This document and the information contained herein cannot be disclosed, disseminated or reproduced in any manner whatsoever without prior written permission from the Assistant Secretary, CERT Australia, Attorney-General's Department, 3 - 5 National Circuit, Barton ACT 2600.

The material and information in this document is general information only and is not intended to be advice. The material and information is not adapted to any particular person’s circumstances and therefore cannot be relied upon to be of assistance in any particular case. You should base any action you take exclusively on your own methodologies, assessments and judgement, after seeking specific advice from such relevant experts and advisers as you consider necessary or desirable.
To the extent permitted by law, the Australian Government has no liability to you in respect of damage that you might suffer that is directly or indirectly related to this document, no matter how arising (including as a result of negligence).

WHITE CA-2013-33

Handling Instructions

This bulletin is designated WHITE. WHITE Alerts are not confidential. They contain information that is for public, unrestricted dissemination, publication, web-posting or broadcast. You may publish the information, subject to copyright and any restrictions or rights noted in the information.

Background

Microsoft produces a number of popular operating systems and user applications, such as the ubiquitous Windows products and Office application suites.

Details

From 8 April 2014, Microsoft will cease support for Microsoft Windows XP SP3 and Microsoft Office 2003. CERT Australia strongly recommends partners using Windows XP SP3 and Office 2003 upgrade to newer supported operating systems and software. [1] [2] [3]

After 8 April 2014, partners running Windows XP SP3 and Office 2003 will not be able to receive public support for these products, including security patches or vendor incident support. Vulnerabilities in unsupported operating systems and applications won’t be fixed, and cyber adversaries are aware of this and may identify these vulnerabilities as opportunities to target systems of national interest. As a result, the likelihood of a successful cyber incident on a stakeholder’s system is increased, which consequently elevates the security risk profile for that stakeholder.

The latest versions of operating systems offer significant improvements in security features, functionality and stability. Likewise the latest versions of applications typically incorporate newer security technologies and mitigate known vulnerabilities.
Using the latest versions of operating systems and applications, along with patch management, is among the most effective security practices partners can perform. [4]

Partners unable to upgrade by 8 April 2014 may have the option of entering into a custom support contract with Microsoft. The cost of custom support is significantly higher than regular support, and will continually rise. Partners wishing to undertake custom support will still need to have a migration plan in place to transition from Windows XP SP3 and Office 2003 as part of the contract with Microsoft.

Microsoft also announced they will cease support for Microsoft Exchange Server 2003 and Microsoft Office SharePoint Server 2003 on 8 April 2014.

Links

[1] http://www.microsoft.com/endofsupport
[2] http://support.microsoft.com/lifecycle
[3] http://www.microsoft.com/en-us/windows/business/retiring-xp.aspx
[4] https://www.cert.gov.au/advisories (see strategies to mitigate targeted electronic intrusions)

Feedback

CERT Australia is interested in any feedback that you may have with respect to this update and/or the service that we provide. If you would like to provide us with your comments, please do not hesitate to e-mail us at info@cert.gov.au or contact us on 1300 172 499.

NOTE: Organisations should consider the sensitivity of information sent to this email address as it will be ‘in the clear’ and not secure. If needed, secure communication channels for sensitive or incident-related information are available on request.

Incident reporting

Partners observing any activity connected to this publication are requested to contact CERT Australia at info@cert.gov.au or 1300 172 499. This information is used to inform an understanding of Australia’s cyber threat context. All information is handled internal to the CERT and in strict confidence. Secure communications mechanisms are available on request.
About CERT Australia

CERT Australia’s primary responsibility is to develop close working relationships with critical infrastructure organisations and businesses that operate systems that are important to Australia’s national interest. In this way, CERT Australia is able to help ensure that important services that all Australians rely on in their daily lives are secure and resilient.

In addition to any internal or regulatory requirements that may be in place, CERT Australia partners can report cyber threats and incidents to CERT Australia on 1300 172 499. This telephone number assists CERT Australia to rapidly respond to incidents impacting those services that are critical to all Australians.

Cyber crime involves the unauthorised access to or impairment of computer systems and is likely to constitute an offence under the Commonwealth’s Criminal Code Act 1995 and/or State and Territory criminal laws. If CERT Australia partners suspect that they have been the victim of cyber crime they should report it to the Australian Federal Police.

CERT Australia
SENSITIVE INFORMATION TRANSMISSION
Restrictions on Access and Use

Traffic Light Protocol

TLP CLASSIFICATION / RESTRICTIONS ON ACCESS AND USE

RED: Highly Restricted
Access to and use by your CERT Australia Security Contact Officer only. You must ensure that your CERT Australia Security Contact Officer does not disseminate or discuss the information with any other person, and you shall ensure that you have appropriate systems in place to ensure that the information cannot be accessed or used by any person other than your CERT Australia Security Contact Officer.

AMBER: Restricted internal access and use only.
Subject to the below, you shall only make ‘AMBER’ Alerts available to your employees on a “needs to know basis” strictly for your internal purposes only to assist in the protection of your information and communications technology (ICT) systems. In some instances you may be provided with ‘AMBER’ Alerts which are marked to allow you to also disclose it to your contractors or agents on a “needs to know basis” strictly for your internal purposes only to assist in the protection of your ICT systems.

GREEN: Restricted to closed groups and subject to confidentiality
You may share ‘GREEN’ Alerts with external organisations, information exchanges or individuals in the network security, information assurance or critical network infrastructure community that agree to maintain the confidentiality of the information in the Alert. You may not publish or post on the World Wide Web or otherwise release it in circumstances where confidentiality may not be maintained.

WHITE (NOT CLASSIFIED): Not restricted
‘WHITE’ Alerts are not confidential. They contain information that is for public, unrestricted dissemination, publication, web-posting or broadcast. You may publish the information, subject to copyright and any restrictions or rights noted in the information.

Any information received from CERT Australia that is not classified in accordance with the Traffic Light Protocol must be treated as ‘AMBER’ classified information unless otherwise agreed in writing by the Attorney-General’s Department.