Louvre delayed Windows security updates ahead of burglary

Twenty years of technical debt weighed heavily on security at the Louvre, as it steadily accumulated systems for analogue video surveillance, digital video surveillance, intrusion detection, and access control, some of them with dedicated servers or proprietary applications. Some of these became obsolete over time and needed updating or replacing

Thales supplied one such system, Sathi, to the Louvre in 2003, but it was no longer supporting it by February 2019, according to public procurement documents seen by the newspaper. As recently as the middle of this year, eight Sathi publications appeared on a museum list of “software that cannot be updated”.

The Louvre’s Windows problems continued at least through 2021, when another document noted it was using Sathi on a machine still running Microsoft Windows Server 2003, which reached the end of extended support in 2015.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts