I know you’ve been thinking—or at least probably hearing—about Windows 7 end of life in the upcoming months. At that point, Microsoft will no longer support the operating system. If your organization still depends on Windows 7 machines, the real problem is that you will no longer get security patches or fixes for bugs that may slow down your workflows.
Now, if you do have an enterprise agreement already in place with Microsoft, the software company is giving you a little break by supporting your machines a little longer (about a year’s worth of extended support). But in the long run, everyone will need to seriously consider their strategic options when it comes to upgrading away from Windows 7.
If your business is currently dependent on software that can only run on Windows 7, there are ways to keep those ‘unloved’ machines protected while keeping your operations running. Most security experts recommend getting a network security assessment to figure out the best strategy for protecting old machines (and any other unsupported or old software platforms).
But for most of us, the risks of Windows 7 are already adding up.
One of the biggest examples to date is the BlueKeep vulnerability.
BlueKeep, officially tracked by security experts as CVE-2019-0708, targets Windows Remote Desktop Services. It essentially allows an attacker to execute code (think ransomware or other malware like keylogging or spyware) by sending Remote Desktop Protocol (RDP) requests to a machine.
Microsoft has released patches to address this—including to Windows 7 machines back in May—but most organizations have failed to patch and protect their older Windows 7 systems because they have been told time and again that those systems are no longer being supported.
Let me repeat myself because I want to make sure you heard me and are taking all necessary precautions with your systems:
If you have Windows 7 machines, please (1) check that the BlueKeep vulnerability has been patched by looking for the CVE-2019-0708 update and (2) apply that patch if it is not on your Windows 7 machines.
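One way to run the check in step (1) locally on a Windows 7 machine, as an added example that is not from the original article: it looks for the May 2019 BlueKeep update with `Get-HotFix` and records whether RDP is enabled. The KB numbers KB4499164 and KB4499175 are assumptions supplied here, since the article does not name the update.

```powershell
# Added example: local BlueKeep (CVE-2019-0708) patch check, PowerShell 2.0 compatible.
# Assumption (not from the article): on Windows 7 SP1 / Server 2008 R2 the May 2019 fix
# shipped as KB4499164 (Monthly Rollup) and KB4499175 (Security-only update).
$FixKbs      = @('KB4499164', 'KB4499175')
$FixReleased = [datetime]'2019-05-14'   # release date of the May 2019 updates

$os = Get-WmiObject -Class Win32_OperatingSystem
if ($os.Version -notlike '6.1.*') {
    Write-Warning "Written for Windows 7 (version 6.1); this host reports $($os.Version)."
}

# Get-HotFix reads Win32_QuickFixEngineering; InstalledOn can be empty on some entries.
$installed = @(Get-HotFix)
$direct    = @($installed | Where-Object { $FixKbs -contains $_.HotFixID })
$newer     = @($installed | Where-Object { $_.InstalledOn -and ($_.InstalledOn -ge $FixReleased) })

# The flaw is reached through Remote Desktop Services, so record whether RDP is enabled.
$ts         = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)

if ($direct.Count -gt 0) {
    $status = 'Patched'
} elseif ($newer.Count -gt 0) {
    # A later Monthly Rollup is cumulative and replaces KB4499164, so the original KB
    # may not be listed. Confirm that one of the newer updates is such a rollup.
    $status = 'Review'
} else {
    $status = 'Missing'
}

# One summary object per machine, suitable for Export-Csv when collected from many hosts.
New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    OSVersion    = $os.Version
    RdpEnabled   = $rdpEnabled
    FixKbsFound  = ($direct | ForEach-Object { $_.HotFixID }) -join ','
    NewerUpdates = ($newer  | ForEach-Object { $_.HotFixID }) -join ','
    PatchStatus  = $status
}
```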
Many organizations—even those planning to upgrade their systems by January 14, 2020 (when support actually ends for most Windows 7 users)—have failed to continue with patch schedules for these older computers.
The most recent exploits of BlueKeep have led computers to crash, affecting another vulnerability in many older Intel chips known as Meltdown. This additional vulnerability impacts CPU usage—which is essentially the capacity for the brain of your computer to send out commands to software on your computer.
Microsoft—along with the FBI—advised people to install the patches to these exploits, warning that these exploits will be used more and more and the damage from these attacks will grow as criminals further develop their attacks on these Windows 7 exploits.
Most systems running Windows 7 still lack the BlueKeep updates.
There are almost a million systems that are still predicted to be vulnerable to the BlueKeep exploits—vulnerabilities that have been identified with clear fixes. Because of this, malicious actors are ramping up their efforts to exploit these vulnerabilities. That means if you are running Windows 7 on any computer in your environment, you should ensure your systems are secure.