
Windows 7 End of Life – Get Ahead
Many of us have written or read Penetration Testing reports that have identified out of date or unsupported operating systems within a network. Often enough the recipient of the report will be aware of the issues and systems involved and have a plan in place to replace and/or upgrade.
The issue is that such plans often take an unexpected amount of time and resource to implement once one begins to dig under the surface of what such an upgrade actually means in terms of stability, security and software support. As a result, the upgrade often occurs after the stated end of life date, leaving a network of systems without updates or security patches for an undesirable period of time.
Two weeks ago today marked the 14th January 2019, significant because in exactly one year's time support (extended support at that) will end for Windows 7 (SP1), with Windows 8.1 following roughly three years later.
| OS | Basic Support | Extended Support |
| Windows 8.1 | January 9, 2018 | January 10, 2023 |
| Windows 7 | January 13, 2015 | January 14, 2020 |
Basic user support for both has already ended; however, many organisations are still likely to be running internal networks based on these two soon-to-be legacy systems.
What Does This Mean for Us?
As Microsoft defines it, an end of life / unsupported operating system means the following:
“An unsupported version of Windows will no longer receive software updates from Windows Update. These updates include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows - such as new drivers for your hardware”
Without the vendor providing much-needed security updates, malware can spread with greater ease: known issues are unlikely to be patched, which prolongs the life and effectiveness of known exploitable weaknesses.
What Should We Be Doing?
Now is a golden time to be thinking about the future. Planning for the deprecation of a widely used workstation operating system takes time and some careful consideration. Start by thinking about the operating system hardware requirements and existing software requirements: does all that bespoke software you have actually run properly on the newer platform? If this is not known, now is the perfect time to start planning and answering these key questions; the last thing you want to do is introduce instability during this process.
There is loads of information out there on planning the next steps. We would advise starting with some of the following sources for more information:
https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet
If you end up in a situation where a critical BAU system is affected by lack of support for a newer operating system, NCSC have published some guidance on securing systems on a short-term-only basis. Although helpful to buy some more time, it should not be relied upon as a long-term solution:
https://www.ncsc.gov.uk/guidance/obsolete-platforms-security-guidance