Are you risking your business data to old Windows operating systems? Microsoft’s security team thinks so. The state of security on outdated Windows versions is getting so bad that viruses can work their way onto your network and you might not even notice anything until it’s too late.
Earlier this month, Microsoft’s security team released something rather unexpected. The company went through the unusual step of releasing security updates for unsupported Windows operating systems—the likes of Windows XP and Windows 2003.
Microsoft’s security experts had growing concerns that a “wormable” flaw in their older platforms—the ones that no longer supported (think Windows XP or Windows Server 2003 for example). The vulnerabilities that Microsoft’s team has been addressing helps shore up some of the vulnerabilities that early last year led to extreme numbers of ransomware attacks (think businesses and even city governments getting completely shut down).
The reason why they’re calling this a worm is that the virus is able to freely crawl and shut down computers and servers on your network once it is able to get through by way of an outdated machine.
The attacks over the past couple of years were so bad that Microsoft took a once in a lifetime quest to create updates for these older machines.
First off, what are the operating systems impacted by this recent update?
Below is a list of operating systems that have gaping holes at this very moment. Note: if you have machines in your environment on this list, you better check that those updates have been made (consider a network security assessment to get all the details):
Windows Server 2008
Windows Server 2008 R2
Many of you might have Windows 7 machines connecting to your networks. Or you might not have gotten around to upgrading your server yet (I get it, investments in new hardware are big capital expenses). Realize that hackers and cybercriminals have a history now of searching for companies using older equipment because these networks are easier to break into. They’re especially easy if you haven’t applied these recent updates.
What’s so bad about the vulnerabilities being patched?
Microsoft identifies these vulnerabilities as imminent threats, meaning they expect attacks exploiting these particular vulnerabilities to come sooner than later. At this point, criminals have reverse engineered the updates and completely understand where to easily strike if you have not applied this patch.
The concerning piece with these current exploits is they requires no user interaction or engagement. That means your users don’t have to click on a link in a phishing email or download an attachment to give criminals access.
The reason why Microsoft defined this vulnerability as “wormable” is because once on your network, the malware most definitely can spread from computer to computer (similar to many of the latest devastating ransomware attacks).
In total, Microsoft released 16 updates targeting over 79 security holes in older Windows software. Nearly a quarter of these updates were categorized as critical, meaning these are known ways criminals have been breaking onto networks and infecting them with malware.
What does Microsoft say about older systems?
The director of their security response center stresses that all impacted machines—that means any of the ones listed above—need this patch applied ASAP to prevent a doomsday scenario from occurring on your network.
In this instance Microsoft is going well out of its way to protect their legacy systems. Ransomware attacks have been so bad as of late that it doesn’t want some of the really bad exploits on its systems to wreak havoc.
Why can’t you get continued patching on these older platforms?
Point blank, Microsoft has moved on with its product line. They no longer have experts capable of doing their magic with coding and programming needed to keep legacy operating systems (see list above) afloat. The problem is it takes serious time and expense to keep software safe and the argument to continue support for these older systems are too expensive to maintain.
If you have any of the later operating systems, such as:
Windows Server 2019
Windows Server 2016
Windows Server 2012
Windows Server 2012 R2
you won’t have to worry about this round of security updates (your systems lack the flaws that older platforms have).
The moral here: Staying up-to-date with your Windows patches is always a good idea. But planning to upgrade equipment on your network to avoid being a victim to cybercrime or unexpected network outages is critical to keep your business running smoothly.
Are you worried that your outdated Windows machines are leaving your business vulnerable? Contact us to figure out a strategic plan to address how to deal with old and outdated systems.