Businesses Face Increased Risk as Windows 7 End-of-Life Quickly Approaches

The clock is ticking. Support for Windows 7 will officially end on January 14, 2020. That is less than 90 days from now. The Windows 7 end-of-life is significant because Windows 7 is a very popular and widely used version of the Windows operating system. Businesses and individuals around the world will be exposed to increased risk from using an unsupported operating system.

Windows 7 End-of-Life

It’s hard to believe, but it’s been nearly 10 years since Microsoft introduced the Windows 7 operating system. That means that official support will expire on January 14, 2020 and Microsoft will no longer issue updates or patches for the OS. On a related side note, support for Office 2010 is also set to expire at the beginning of 2020, so many small and medium organizations may find most of their business conducted using unsupported software on unsupported platforms.

66% of SMB Devices at Risk

There is reason for concern. In our Critical Watch Report: 2019 SMB Threatscape, Alert Logic revealed that 66% of the devices scanned at small and medium business clients are running a Microsoft operating system that will be out of support by January 2020, meaning Windows 7 or older versions of the Windows operating system.

The report explains, “Additionally, there are still a non-trivial number of Windows XP and even 20-year-old Windows NT devices out there. Even if they are not exposed to the internet, these targets make lateral movement relatively easy once a host has been compromised. With the discontinuation of security updates and bug fixes for Windows Server 2008 scheduled for 2020, combined with the SMB trend of holding on to old operating systems, this security issue is likely to get much worse next year.”

The Case for Upgrading

What’s the big deal? Windows 7 is a great operating system. If it still works and it does what you need it to do, why should you invest in upgrading to Windows 10?

That’s a fair question. In fact, as long as Windows 7 is still a supported operating system, it is a very reasonable perspective. There are features in Windows 10 that aren’t available in Windows 7, but that’s not an incentive if you aren’t interested in those additional capabilities.

Being unsupported changes things. Dramatically.

Microsoft is constantly researching vulnerabilities in the platforms and software it supports, and patches and updates are released on the second Tuesday of each month. Cyber criminals can work backwards from the vulnerability disclosure and the patch to figure out precisely where the flaw is and how to exploit it. There are a lot of shared components between the different versions of Windows, so there’s a good chance that the same (or very similar) flaw will also exist in Windows 7. You just won’t have a patch to fix it.

Maintaining Compliance

Aside from putting your systems at risk by running unsupported operating systems, there’s also a very good chance that you will violate any compliance frameworks that apply to your business. The various industry guidelines and legislative mandates have unique requirements and directives, but the goal of all of them is to instill some sort of baseline or minimum acceptable security posture. It’s hard to claim to be secure while running operating systems that can’t be patched or updated.

This is just one example, but PCI-DSS requirement 6.2 states:

“Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor supplied security patches. Install critical security patches within one month of release.”

In other words, if you’re running an unsupported operating system that does not receive patches and updates for known vulnerabilities, you are no longer compliant and may be held accountable if your systems are compromised.

Time to Upgrade

You have less than three months left to upgrade your Windows 7 systems. That’s a daunting task if you haven’t even begun the process, but better late than never. Delaying the effort won’t make it faster or easier.

Of course, this is just one challenge facing small and medium businesses when it comes to cybersecurity. To learn more about the threat landscape and how Alert Logic can help you defend your networks and data, check out the Alert Logic Critical Watch Report: 2019 SMB Threatscape.

About the Author

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.
