Microsoft ends support for Windows 7 and Server 2008. And now?

High risk

Computer hardware and software are not made to last indefinitely. This also applies to Microsoft: on 14 January 2020, support for Windows 7 and Windows Server 2008, the systems that saw the light of day in 2009, will cease. Despite the fact that Windows 7 still had a 35 per cent market share in September this year, Microsoft will no longer provide technical support and issue software and security updates or emergency patches. This poses a big risk. Hence it’s time to switch.

Emergency patches

Not going as fast as you want? After all, the software giant does not always stand its ground as we have all read in the news. The company has not supported Windows XP since 2011. Oddly, an emergency patch was released up to three times in recent years: in 2014 when vulnerabilities were discovered in some versions of Internet Explorer, in 2017 after the WannaCry outbreak, and even as recently as 2019, after the discovery of BlueKeep. This seems strange, yet Microsoft has a good reason for this.

Special cases

Windows XP is still used, even today. Think of very specialised equipment in, for example, oil refineries, power plants but also hospitals. For instance, certain MRI scanners do not work on operating systems higher than Windows XP. Microsoft apparently does feel some responsibility and understands the importance of keeping this kind of equipment working. Of course, it is also quite complex. Doctors in a hospital shout, ​“That MRI scanner has to keep working! Understandable, but with security in mind, this does require some extra attention.

An accident waiting to happen

Now there are methods for continuing to use this kind of end-of-life system. Consider disconnecting the system from your network. Can’t do that? Then investigate which connections are absolutely necessary and make sure those connections are optimally secured. After all, a hacker does not care whether there is an MRI scanner hanging on the other end of that line or what other damage he or she could causes. In 2011, for instance, DigiNotar, a company that takes care of government website security, was in the news a lot. Because a device was hanging on the network that should not have been there, a hacker had the opportunity to penetrate and issue more than five hundred fake SSL certificates. An accident is waiting to happen, even when it comes to ICT security.

Danger to infrastructure, business processes and compliance

So take the end of support for these operating systems seriously. Of course your hardware will continue to work, but as time passes, your environment becomes more susceptible to security vulnerabilities. Not only a risk to your infrastructure and business processes, you won’t make things easier for yourself in terms of compliance either.

Need help?

Is 14 January 2020 already too close and will you not manage to make the switch before then, or is it a problem at all to switch to a more modern operating system? Feel free to contact us, we will be happy to think with you about appropriate measures.

Mark Koek, CEO of HackDefense