2020 Marks the End of Support for Windows 7

April 03, 2019

Windows 7 users will be at an increased risk of a breach as Microsoft announces support termination from January the 14th 2020.

Microsoft’s update will start notifying existing users, via pop-up notifications later this month (April), that support for Windows 7 will be terminated by January 2020. After this date, Microsoft will no longer provide:

1. Technical Support for any Issues

2. Software Updates

3. Security Updates or Fixes.

Dangers of Running an Unsupported Operating System

Failing to update your operating system can cause much more damage than you might imagine. The operating system interacts with everything in a computer, and with so many different elements involved there are gateways that go unmonitored. Attackers take advantage of these unmonitored areas to install malicious code or gain access to systems. Operating system vendors, such as Microsoft, release patches to secure these areas, but if no patches are released these gateways are left wide open for attackers.

Therefore, it is imperative that organisations not only ensure their technology infrastructure is working effectively, but also that unsupported software is replaced and all patches are up to date, or else they run the risk of a security attack on their organisation.

End of support also means ‘zero-days forever’, because those vulnerabilities will never be patched, as Shane Shook, Principal Adviser to the Board at Secrutiny, referenced when Windows XP terminated support back in 2014. He believes Windows 7 will follow suit:

“The subordinate categories will advance—through use and publication—from Zero, to ½, to Single, and ultimately to Forever day vulnerabilities that attackers will exploit. Along the way new vulnerabilities will be discovered—and eventually published—by the attackers or by security researchers/malware analysts who examine the malware used to compromise systems through the use of the exploits. But eventually XP will find itself in a Forever day category.”

He highlights that supported product vulnerabilities are publicly published by vendors, and patches are made available – which are actually utilised by researchers (white and black hats) to discover additional vulnerabilities, or to identify the vulnerabilities with precision that allow the creation of manual or automated exploitation techniques:

“It is possible, and even likely, that a reduced amount of vendor-published information (from Microsoft) will reduce the accessibility of vulnerability information that many attackers depend upon. Basically, when the head of the river dries up, eventually the riverbed will appear.”

NHS’s WannaCry Ransomware Cyber Attack Linked to Outdated Windows XP, a Then 15-Year-Old System

A prime example of the danger of using outdated software was when the NHS fell victim to a ransomware cyber attack in May 2018, causing over 19,000 appointments to be cancelled. The service appeared susceptible to attack because many trusts were using outdated software, such as Windows XP. This choice to use outdated software cost the NHS £92 million, as the WannaCry hack targeted hospitals across the UK.

Renault also fell victim to the ransomware attack. Employees in France started their computers only to find a message demanding $300 in ransom. Accompanying the ransom demand were two clocks counting down the time Renault had to pay the $300 before the factory’s files were deleted.

Next Steps

Updates are important to your organisation’s cyber security and digital safety, so in light of this announcement, we recommend that all users still using Windows 7 begin planning for an upgrade to Windows 10, to combat the increased risk of a security breach and to restrict an attacker’s access to your data. By getting a head start on planning, you can identify which devices may need to be replaced or upgraded, set an allocated budget and timeline for upgrades and replacements, and plan for employee training on the new system.

Side note: Following the January cutoff date, Microsoft will only supply security updates to those who pay for extended support through to January 2023. 

If you are concerned about the increased cyber security risk from using outdated systems, or if you suspect that your network security has been compromised, please give us a call on 0203 8232 999, or email us at [email protected].
