Microsoft Ending Support For XP Operating System & PCI Implications

Microsoft will be ending its support of the Windows XP operating system on Tuesday, April 8th. PCI DSS requirement 6.2 specifically states that merchants are required to "ensure that all system components and software are protected from known vulnerabilities by installing applicable, vendor-supplied security patches. Install critical security patches within one month of release." Once Microsoft ends support and stops releasing security patches for XP, this requirement can no longer be met on that platform, so clients will no longer be able to reach or maintain PCI compliance, as outlined in the PCI DSS requirements, while using a machine running an XP operating system.

You can learn more by clicking the following link to Microsoft's website discussing this event at

Potential risks of staying with Windows XP

Running Windows XP SP3 in your environment after April 8, 2014 may expose you to potential risks, such as:


Without critical Windows XP security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information. Anti-virus software will also not be able to fully protect you once Windows XP itself is unsupported.


Businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements. More information on HHS's view on the security requirements for information systems that contain electronic protected health information (e-PHI) can be found here -

Lack of Independent Software Vendor (ISV) Support:

Many software vendors will no longer support their products running on Windows XP as they are unable to receive Windows XP updates. For example, the new Office takes advantage of the modern Windows and will not run on Windows XP.

Hardware Manufacturer support:

Most PC hardware manufacturers will stop supporting Windows XP on existing and new hardware. This will also mean that drivers required to run Windows XP on new hardware may not be available.