My technical journal.

Maybe useful, maybe not.

End of PCI Compliance for Windows XP

Microsoft has announced that Windows XP will reach end-of-life on April 8th, 2014.
Windows 2000 already reached end-of-life on 13th July, 2010.

PCI-DSS compliance requires all elements of a Point-Of-Sale (POS) payment application environment to be supported by their vendors with security updates, and that includes the operating system the application runs on. Security updates from Microsoft for an operating system come to an end when it is no longer supported. At that time, PCI-SSC will regard any merchant using that operating system as being non-compliant with PCI-DSS. This is covered in the PCI-DSS documentation under “Requirement 6: Develop and maintain secure systems and applications”:

6.1 Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed. Deploy critical patches within a month of release.

It’s therefore a good idea to upgrade any operating system being used for a POS payment system that is no longer supported or will soon reach the end of support. Not doing so may expose merchants to the risk of fines and penalties should their environments be compromised whilst not being compliant with the PCI-DSS.


  1. Windows XP SP3 and Office 2003 - Support Ends April 8th, 2014
  2. Extended Support for Windows 2000 Server Ends on July 13, 2010
  3. Microsoft Support Lifecycle
  4. PCI DSS Quick Reference Guide

Posted on Tuesday, February 11, 2014 5:20 PM

