Information Security News mailing list archives

Windows 7 end-of-life is coming. How much should you worry?


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 27 Nov 2019 07:11:53 +0000 (UTC)

https://www.cyberscoop.com/windows-7-end-of-life-forescout-op-ed/

By Ellen Sundra
CYBERSCOOP
November 26, 2019

Every few years, Microsoft causes some panic across industry sectors by
announcing the end-of-life of one of its older Windows operating systems.

In this case, Windows 7 is going “end of life” on Jan. 14, meaning Microsoft
will no longer be regularly updating the system with fixes when a security
vulnerability is found. The company is urging users – both consumer and
enterprise – to update their systems to the latest operating system: Windows 10.

As the weeks tick down until the deadline, the question becomes: how big of a
security threat is this? We’ve seen the real-world attacks that can come from
unpatched vulnerabilities in an out-of-date operating system. There are also
valid reasons an organization could choose to hedge its bets and not upgrade.
Ultimately, it is a conversation about risk, and more specifically, how much
risk is an organization willing to assume in the face of a potentially costly or
complicated upgrade.

WannaCry is a perfect example of what kind of devastating effects an unpatched,
out-of-date operating system can have. The attack leveraged the EternalBlue
vulnerability as an entry point, then spread laterally across organizations.
Microsoft had issued a patch, but organizations that hadn’t applied it or were
running out-of-date operating systems, like Windows XP, were still vulnerable.
WannaCry went on to infect companies of all sizes and industries around the
world, causing millions of dollars in damages. In some cases, organizations did
not even realize their operations still relied on Windows XP, until an affected
machine seized somewhere, causing disruptions. Microsoft ultimately stepped in
and issued an unusual emergency patch for the operating system.

[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_