Following up on my previous post, IRS Computers Are Still Running Windows XP, Confidential Taxpayer Data Is At Risk: Computer World, IRS Misses XP deadline, Will Spend $30M to Upgrade Remaining PCs:
The IRS acknowledged last week that it missed the April 8 cut-off for Windows XP support and will be paying Microsoft for an extra year of security patches. But the tax agency disputed an earlier estimate by Computerworld that put the cost of those patches in the millions, saying that it was paying Microsoft "less than $500,000" for the after-retirement support.
Microsoft terminated Windows XP support on Tuesday when it shipped the final public patches for the nearly-13-year-old operating system. Without patches for vulnerabilities discovered in the future, XP systems will be at risk from cyber criminals who hijack the machines and plant malware on them. ...
According to the IRS, it has approximately 110,000 Windows-powered desktops and notebooks. Of those, 52,000, or about 47%, have been upgraded to Windows 7. The remainder continue to run the now retired XP. ...
John Koskinen, the commissioner of the IRS, defended the unfinished migration at the hearing, saying that his agency had $300 million worth of IT improvements on hold because of budget issues. One of those was the XP-to-7 migration. ... But he stressed that the migration had to continue. "Windows XP will no longer be serviced, so we are very concerned if we don't complete that work we're going to have an unstable environment in terms of security," Koskinen said.
Koskinen concurred with Crenshaw's $30 million figure as the cost for upgrading the IRS's remaining Windows XP systems. The money will be taken from the agency's enforcement budget. Part of that $30 million will be payment to Microsoft for what the Redmond, Wash., developer calls "Custom Support," a program that provides patches for critical vulnerabilities in a retired operating system.
Earlier this year, analysts said Microsoft had dramatically raised prices for Custom Support. ... Microsoft negotiates each contract separately, asking for an average of $200 per PC for the first year of Custom Support, those analysts said. Using that average -- and the number of PCs the IRS admitted were still running XP -- Computerworld estimated that the IRS would pay Microsoft $11.6 million for one year of Custom Support. Late Friday, however, the IRS disputed that estimate. An agency source said that the IRS was paying Microsoft less than $500,000 for Custom Support on its remaining 58,000 Windows XP PCs, or about $9 each. According to the source, the exact figure will be disclosed at a later date.