Information Security News mailing list archives
Windows 7 end-of-life is coming. How much should you worry?
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 27 Nov 2019 07:11:53 +0000 (UTC)
https://www.cyberscoop.com/windows-7-end-of-life-forescout-op-ed/ By Ellen Sundra CYBERSCOOP November 26, 2019 Every few years, Microsoft causes some panic across industry sectors by announcing the end-of-life of one of its older Windows operating systems. In this case, Windows 7 is going “end of life” on Jan. 14, meaning Microsoft will no longer be regularly updating the system with fixes when a security vulnerability is found. The company is urging users – both consumer and enterprise – to update their systems to the latest operating system: Windows 10. As the weeks tick down until the deadline, the question becomes: how big of a security threat is this? We’ve seen the real-world attacks that can come from unpatched vulnerabilities in an out-of-date operating system. There are also valid reasons an organization could choose to hedge its bets and not upgrade. Ultimately, it is a conversation about risk, and more specifically, how much risk is an organization willing to assume in the face of a potentially costly or complicated upgrade. WannaCry is a perfect example of what kind of devastating effects an unpatched, out-of-date operating system can have. The attack leveraged the EternalBlue vulnerability as an entry point, then spread laterally across organizations. Microsoft had issued a patch, but organizations that hadn’t applied it or were running out-of-date operating systems, like Windows XP, were still vulnerable. WannaCry went on to infect companies of all sizes and industries around the world, causing millions of dollars in damages. In some cases, organizations did not even realize their operations still relied on Windows XP, until an affected machine seized somewhere, causing disruptions. Microsoft ultimately stepped in and issued an unusual emergency patch for the operating system. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Windows 7 end-of-life is coming. How much should you worry? InfoSec News (Nov 26)