Effective January 14, 2020, Microsoft will discontinue extended support for Windows 7 and Windows Server 2008, forever. As announced in 2014, this End-of-Life (EOL) status means that Microsoft will no longer provide security patches, non-security updates, and technical support materials for these platforms. Given that 42 percent of all Windows computers still use Windows 7, it’s kind of a big deal.
With five years notice, you might think that most companies would have jumped ship from Windows 7 and Windows Server 2008 months ago. Yet here we are, only one month away from those operating systems losing support, with millions of people still using them. Millions of workstations and servers still use these operating systems, but January 14, 2020 is approaching quickly and will be here before you know it.
WINDOWS SERVER 2008:
The end is nigh for Windows Server 2008. Once Windows Server 2008 reaches the looming end-of-life date, its users will become prime targets for hackers who prey on these vulnerable operating systems.
Windows Server 2008 and 2008 R2 are already prime targets for hackers who prey on these vulnerable operating systems. When observed by attackers in enterprise environments today, these servers are interpreted to be either high-value legacy systems or aging, low-use systems where a compromise might go unnoticed. Sharing many common components with its consumer-grade peer Windows 7, many Windows Server 2008 and 2008 R2 servers may be subject to Windows 7 vulnerabilities.
If replacement is not feasible before January 2020, business-critical legacy systems with challenging or costly upgrade paths should be isolated and protected until they can be migrated to newer, more-secure platforms. Businesses with volume licensing from Microsoft should also consider purchasing extended security support as a stop-gap measure.
Here’s how it works: cyber criminals work backwards from the vulnerability disclosure and the patch, pinpointing precisely where the flaw is and how to exploit it. With a number of shared components between the various versions of Windows, there’s probable cause that a similar flaw will also exist in Windows 7. If you call Microsoft customer service and support with a problem, they are going to tell you that your only choice is to upgrade.
Next, If you’re running an unsupported operating system that does not receive patches and updates for known vulnerabilities, you are no longer compliant with industry guidelines and legislative mandates and may be held accountable if your systems are compromised.
Finally, system compatibility issues grow rapidly as hardware and software updates continue to evolve. Simultaneously, hardware virtualization suffers as updated features won't apply to Windows Server 2008 impairing productivity and resulting in slow server performance with a myriad of system issues.
Attackers can compromise these systems by misusing other aging and vulnerable software installed on the system. As a result, local data is exposed, user accounts can be stolen, and internal organizational servers enter the realm of attacker influence.
Wreaking the most havoc will be EOL for Windows 7, as it accounts for 42 percent of all desktop users and is often an appealing target for phishing attacks or drive-by malware downloads. Once Microsoft retires Windows 7 and stops issuing security updates for one of the most-loved versions of its flagship operating system, users must seriously consider upgrading.
For many organizations, Windows 7 remains a common sight on a multitude of workstations due to its resilience and long hardware lifecycles. Ultimately, many small and medium businesses retain laptops and desktops as long as they remain usable without a hardware failure. The operating system present is usually unchanged since installation at time of purchase. Operating system upgrades, possibly coupled with hardware replacement, are the best route to ensuring the highest security is maintained.
Most Windows 7 systems are used by end-users rather than in support of business processes. Workstations used for specialized business processes can, in almost all scenarios, be migrated to Windows 10 using compatibility mode that mimics a Windows 7 environment.
(On a related side note, support for Office 2010 is slated to expire at the In October of 2020, so many small and medium organizations will be conducting business using unsupported software on unsupported platforms.)
With legacy systems that are quickly reaching end-of-life or end-of-support, users lose direct support from Microsoft, security patches and product updates. Meaning you will a.) need to purchase extended support (if available); b.) migrate to newer and more advanced platforms.
We should mention the process for replacing Windows Server 2008 and Server 2008 R2 is a complex one. It depends upon server responsibilities and business criticality. Replacing Server 2008/ R2 typically requires procuring new hardware to match, while virtual machines require lower effort.
Few obstacles exist for upgrades from Windows 7 to Windows 10 with the exception of very old devices. Windows 10 is a substantially improved operating system in many respects, and its efficiency permits use on older equipment. In many cases, an in-place upgrade is possible on existing hardware to avoid a full device replacement. New hardware is recommended when such options are not available.
For customers with an existing volume licenses, Microsoft plans to offer a paid option for extended security updates until January 2023, though most entities will not be able to take advantage of this offering. Any organization still running Windows 7, Server 2008, or Server 2008 R2 in January will be gradually exposed to attack as software weaknesses without fixes grow in number. Such devices will represent attractive targets to attackers, and represent major risk to organizational infrastructure, data, and reputation.
Ultimately though, upgrading now is the safest path forward. Delays beyond January 2020 will substantially elevate the risk of a security incident and potential impact to your business. Outsourcing this complex task to an MSP like TBNG Consulting will ensure your organization migrates successfully.
ARE YOU READY?
Hackers and criminals are licking their chops ready to attack the aging Windows 7 and Windows 2008 systems. Contact TBNG Consulting and Vancord to learn how we can help you weather the upcoming storm, measure your risk and degree of exposure, and assist with an orderly migration to more secure systems. We strive to be your IT and information security partners and we will help your organization make this transition.
THE COUNTDOWN IS ON: