Save content
Have you found this content useful? Use the button above to save it to your profile.
Blackout curtains
iStock_Андрей Клеменков_AW_curtains

HMRC security settings update means curtains for Windows 8 users

by

A recent update to HMRC's security settings has forced some accountancy software users to buy new computers in order to submit payroll returns on time.

5th Jun 2024
Save content
Have you found this content useful? Use the button above to save it to your profile.

The update to HMRC's online service, which took place on 9 May, means it is now impossible for payroll packages to make real time information (RTI) submissions or submit other online returns via HMRC's payroll manager if they are using Windows 8 or 8.1.

There is no workaround other than to update to a supported version of the operating system (OS) ie Windows 10 or 11. This can be done by installing the latest version of Windows on the user's current PC or migrating the software to a new PC already running a supported OS.

Ancient operating system

Given that Windows 8 was released more than a decade ago, most businesses will have been using a more current version of the OS for some time. However, reports suggest that several smaller firms (and self-proclaimed dinosaurs such as AccountingWEB member SteveOH) still using the ancient OS, often for cashflow reasons, are affected by this update.

One accountant told AccountingWEB:

"I have had two cases over the weekend using Moneysoft Payroll Manager which has resulted in the businesses having to buy new laptops in order to file their CIS returns (appreciate it was left to the last minute but it added stress to the situation).

 “This security change seems to have appeared from no-where with minimal notice given. A small company using an old operating system that logs into its payroll software at the end of the month may encounter problems."

Protecting personal data

HMRC regularly updates the security posture and resilience of its IT estate, balancing ease of access to its services with ensuring these services are as secure as possible. Given the volume of personal data processed by HMRC, it is vital to ensure that encryption remains effective in protecting data in transit.

Microsoft ceased to provide support for Windows 8 in January 2023, meaning devices running these operating systems can no longer receive security updates. The National Cyber Security Centre has published guidance on the use of obsolete products which states: "All software, including device operating systems, will eventually become out of date. Ideally, once out of date, technology should not be used."

In line with this recommendation, HMRC contacted software developers in September 2023 informing them that the older less robust OS would no longer be supported by its online services. This was repeated in an email to developers on 1 May which confirmed the department's plan to "remove support for a number of cipher suites known to be more vulnerable to attack" from 9th May 2024.”

An HMRC spokesperson said:

“Cyber threats continuously evolve and we constantly monitor and review our security measures, regularly updating the security and resilience of our IT estate to protect customer data.

 “Software developers were made aware of this change last September, ahead of it coming into effect this month.

 “We always encourage users to keep their operating system up to date.”

Techno jargon

Clearly, software developers were given plenty of warning, but individual taxpayers and accountants were left out of the conversation. Predictably, HMRC’s communication to software developers was laced with techno jargon, leaving many questioning whether it was the software houses who dropped the ball in not passing the message on to their users in more digestible language.

AccountingWEB member 'FactChecker' commented: "the developer has responsibilities to not only make changes if necessary in its software ... but also to inform all users of that software of the impact approaching around the corner".

Despite this, others suggested it was the responsibility of the business or individual user to ensure their IT settings are kept up to date regardless, not least to protect customer data. Echoing other comments on this AnyAnswers thread, WinterDragon mused "I struggle to have sympathy for any business using an operating system that is no longer officially supported and getting regular security updates."

Any PAYE RTI reports which are reported late due to this issue should be reported using Late Reporting Reason “G”, which indicates a reasonable excuse.

Replies (26)

Please login or register to join the discussion.

Rob Swan
By Rob Swan
05th Jun 2024 17:04

While I do think HMRC are right is reducing risk I also think Microsoft are as much to blame as anyone here - forcing people to upgrade software AND hardware, at their behest, for the sake of it. HMRC also bear some responsibility for the 'surprise' element because they cannot pass the buck to software vendors - they're not responsible for users' operating system choices.

Given other Microsoft related news lately - Winodws 11 not doing so well - maybe this will just accelerate a shift away from Microsoft towards Apple, Cloud (doesn't care about OS), and maybe Linux. That's largely down to software vendors supporting those platforms and....

Who knows, but bashing HMRC on this point - even though they should have given end users more notice - is only a small element of a much larger problem and a bigger story generally.

Thanks (5)
Replying to Rob Swan:
avatar
By cereus77
06th Jun 2024 08:32

To be fair to Microsoft, we are talking about very old releases of Windows, which have not been supported since the beginning of last year in the case of 8.1, and since 2016 for version 8. Anyone foolish enough to be running either of these deprecated operating systems for their business, and connecting to the internet is taking a big risk.

Thanks (4)
Replying to Rob Swan:
Pile of Stones
By Beach Accountancy
06th Jun 2024 08:37

Agree, Microsoft announcing that they are going to stop updates for Windows 10 in 2025. A lot of very recent hardware won't run Windows 11 (and it's awful anyway). New laptop had Windows 11 on it, downgraded to Windows 10 within a week.

Thanks (5)
Replying to Beach Accountancy:
avatar
By kjevans
06th Jun 2024 16:43

And you might get stuck with the easily-hacked Recall "enhancement" in Windows 11 - there's already a free tool out there to export all your activities, including passwords ... and people are complaining about no more security updates for Windows 8.1. Probably be safer to go back to Windows 7!

Thanks (1)
Replying to kjevans:
Pile of Stones
By Beach Accountancy
07th Jun 2024 08:25

Yep, it used to be that you only installed Windows odd-numbered versions. Presumably since W10, it's now the even-numbered versions.

Thanks (0)
Replying to Beach Accountancy:
avatar
By RICHARDBIBBY
06th Jun 2024 17:58

You are absolutely right, Windows 10 is out of support from October 2025 and Windows 11 is apparently not a good operating system, neither was Winows 8, I avoided it, Windows 7 was better. Microsoft have a history of disappointing their customers.

The big problem that you have mentioned is that many computers won't run on Windows 11. A number of Accountants will be caught out by this as I think there is a tendency to buy the minimum specification computer.

Lots of perfectly good computers will be binned in the name of "progress".

Thanks (1)
Replying to RICHARDBIBBY:
Rob Swan
By Rob Swan
06th Jun 2024 19:57

Dust off that old PC, install any one of many good Linux distro's (variants), install 'wine' (which runs Windows programs on Linux), and.... Bob is definitely your mother's brother! If your tech skills aren't up to it - it's fairly easy - there are plenty of tech support firms out there who'll help. And Google is your freind here.

Problem solved - for ever. (Well, maybe not forever, but for longer than any version of Wind-doze will be supported.) If you have a spare PC lying around just give it a whirl.

Thanks (2)
Replying to RICHARDBIBBY:
avatar
By jeremybarker
07th Jun 2024 00:52

Microsoft has said it will offer a paid-for service after the official end of Windows 10 support in October 2025 to provide security updates - the ones that really matter - for up to 3 years. The cost will likely double each year - I haven't seen the UK prices yet but the US prices are $61, $122, and $244 per PC for the first, second and third years of additional support.

Thanks (1)
Replying to jeremybarker:
Rob Swan
By Rob Swan
07th Jun 2024 06:33

Extortion!

Thanks (0)
Replying to RICHARDBIBBY:
Pile of Stones
By Beach Accountancy
07th Jun 2024 08:30

Yes, but given all that we're running are browsers, Excel and maybe desktop Sage and a payroll program, the computers don't need to be more than minimum spec. So why should we be forced to upgrade? (Unless anyone's presenting the year-end accounts in a 3D rendered virtual universe...)

Thanks (2)
Replying to Beach Accountancy:
Rob Swan
By Rob Swan
07th Jun 2024 10:10

The reality is, if you use Windows, Microsoft own you and dictate.... pretty much everything. That's just how it is.
'Free' software is so called NOT because most of it is available free of charge (Free as in 'beer') but because YOU are free (as in freedom) to use it as you choosse without any external dictatorship. Windows is not 'Free'.

Thanks (0)
Replying to Beach Accountancy:
Rob Swan
By Rob Swan
07th Jun 2024 10:14

In today's world, most of those programs: Browsers, Spreadsheets and Sage, are actually quite 'hefty' programs and require a significant amount of computer 'umph'. Software developers rarely have 'old' computers!

Thanks (0)
Replying to Rob Swan:
Pile of Stones
By Beach Accountancy
07th Jun 2024 10:41

Yes, but an Intel i5 processor, 8GB RAM, 256GB SSD, on-board graphics (my current spec) is more than adequate. Windows 11 should be able to run on this!

Thanks (1)
Replying to Beach Accountancy:
Pile of Stones
By Beach Accountancy
07th Jun 2024 10:43

We used to be able to run Lotus 1-2-3 on a i486 back in the day. Software developers have lost the ability to write tight code these days.

Thanks (1)
Replying to Beach Accountancy:
avatar
By JustAnotherUser
07th Jun 2024 10:53

not lost the ability, its just not cost effective now.

Take video games that only had 4mb to store entire games, innovative ways to extract the most out of those 4mb were created, time was spent to squeeze the last drop of resources out of these things.

One example

https://www.reddit.com/r/gaming/comments/8ij644/the_bushes_and_clouds_in...

Marios clouds and hedges were the same art file.

Now the time spent vs benefit is not a problem, games like Call of Duty are now 158 GB.

Go back X years and the requirements in a spec would have been "must be XXX in size to fit on a CD/DVD/Cartridge", none of this is defined now and speed trumps all, developers are simply not tasked to do it anymore.

The other issues is, the time spent to automate and test everything works on every version, every operating system is huge, absolutely no point to spend weeks of effort doing anything on an unsupported operating system

Thanks (1)
Replying to JustAnotherUser:
Pile of Stones
By Beach Accountancy
07th Jun 2024 13:08

Maybe if Microsoft didn't fill the OS with cr*p that people didn't ask for or need (Co-Pilot anyone?) it would be easier to support.

And don't get me started on that bloody animated paper clip...

Thanks (4)
Replying to Beach Accountancy:
Rob Swan
By Rob Swan
07th Jun 2024 14:39

Well... MS have just open sourced the source code for DOS 4. You could....

Thanks (0)
Replying to Beach Accountancy:
Rob Swan
By Rob Swan
07th Jun 2024 12:11

Lotus 1-2-3 ran well on a '286 with 512K (half a MEGAbyte)!! I was there ;)

Thanks (0)
Replying to Rob Swan:
avatar
By RICHARDBIBBY
07th Jun 2024 16:14

Oh dear, so was I.

Lotus 123 also ran on an Apricot computer which was much better looking than a PC and had 256k of RAM.
I am going to have a go with Linux and a glass of wine. Perfect match hopefully!

Thanks (1)
Replying to RICHARDBIBBY:
Rob Swan
By Rob Swan
08th Jun 2024 08:15

What an excellent combination.

You may be interested in this....
https://www.theregister.com/2022/07/20/wordperfect_for_unix_for_linux/
which includes a link to Lotus 1-2-3 for Linux - Yes! it's real :) I'm a big WordPerfect (5.x) and 1-2-3 fan and switching all my machines to Linux so maybe I'll give both a go.
Raise your glass to Tavis Ormandy!

Thanks (0)
Replying to Rob Swan:
avatar
By RICHARDBIBBY
08th Jun 2024 12:13

I have just raised my cocktail glass, sat in the sun in the south of France to Tavis. Good article, thank you.
Lotus 123 and Wordperfect laterly both windows versions for me too.
Latest versions of Excel and Word are massive over kills for what most users ever need but Microsoft destroyed the opposition so no real choices left except some freeware. Iris are doing the same to the tax software market in the UK.

Thanks (1)
avatar
By FactChecker
05th Jun 2024 21:22

"Any PAYE RTI reports which are reported late due to this issue should be reported using Late Reporting Reason “G”, which indicates a reasonable excuse"

Strictly speaking the FPS data item is the 'Late PAYE reporting reason', but that's not particularly important (and each payroll software may use a different label).
But the important thing to stress is that 'G' (reasonable excuse) is what the submitter is *claiming* with no guarantee that HMRC will actually concur; the purpose of the data item being to prevent the *automatic* generation of penalties, with HMRC still able to make the final decision.
Whether they'll accept that needing to purchase new hardware/reinstall your Payroll/etc is indeed a reasonable excuse remains to be seen ... but I'm prepared to bet that, even if are, they will only do so for ONE late submission.

So if you're running a Weekly payroll and this issue has affected you ... then urgency is needed!

Thanks (6)
Replying to FactChecker:
photo
By Amy Chin
06th Jun 2024 09:11

Just to add, the advice to use reason G in this circumstance came direct from HMRC to me, so I'd hope it would be accepted.

Thanks (2)
Replying to Amy Chin:
avatar
By FactChecker
06th Jun 2024 16:26

Well that's (slightly more) encouraging, but you must know that:
* what one person from HMRC says doesn't mean that's what will always happen when other HMRC staff are allowed to 'form a view';
* as per my point above, the RE is only there to avoid an automatic penalty and is not a guaranteed free pass (otherwise everyone would simply use it all the time).

Thanks (2)
avatar
By JustAnotherUser
06th Jun 2024 09:29

love it or hate it the blame game starts and ends with the business owners...

Treat the security of your own and your clients data as serious as you do your other regulations.

You wouldn't skrimp on food hygiene, fire safety, insurance, maintenance and those that do will do so carrying an increasing risk.

You don't trust the fire alarm still works.
You don't trust the food is served at the right temperature.
You don't guess someone passed a DBS check.
You don't trust a driving license is valid.
Don't trust using an unsupported OS to process client data without risk either.

There's a naivety that just because you've never been a victim and used computers for 20 years its not an issue, or that companies such as Microsoft do these things just to squeeze some extra cash out of you.

"the British Data Protection Authority ICO found that unsupported operating systems offered inadequate security as meant in article 32 GDPR. Based on pre-GDPR legislation in the UK"

NCSC UK Gov "All software, including device operating systems, will eventually become out of date. Ideally, once out of date, technology should not be used."

Thanks (3)
avatar
By jeremybarker
07th Jun 2024 01:00

Almost any PC that runs Windows 8/8.1 will easily upgrade to running Windows 10 - the only issue is going to be obtaining a legitimate copy of the software. Support for it also ends in October 2025 although there will be an option to pay for security updates for up to 3 years after that.

Upgrading to Windows 11 is a very different game. A lot of PCs that can run Windows 8/8.1/10 can't be upgraded to Windows 11 due to the significantly changed technical requirements.

Thanks (2)