Implications of the Windows 7 End of Life

Today, on January 14, 2020, Windows 7 reached its official end-of-life. As of the beginning of 2020, 26.6% of computers were running Windows 7, and it comprises 30.8% of Windows computers. All of these machines will no longer be supported by Microsoft unless they transition over to the Windows 10 operating system.

What Does End of Life Mean for Windows 7?
End of life for Windows 7 means that it will no longer receive support from Microsoft. This includes both customer support activities (like help centers) and updates to the operating system, both functionality and security.

The lack of new security updates to the Windows 7 OS creates a significant risk for users of the operating system. In 2019, the Windows 7 OS had 250 different common vulnerabilities and exposures (CVEs) discovered. This is almost a fifth of the 1283 Windows 7 CVEs reported since its release 2009.

After January 14, 2020, Microsoft will no longer issue official patches for vulnerabilities in the Windows 7 operating system. As a result, users of the end-of-life OS will be vulnerable to attacks exploiting any new vulnerabilities discovered in the operating system after this date.

Dealing with Windows 7 End of Life
After January 14, 2020, Windows 7 PCs become a security liability for an organization. The next vulnerability discovered in the operating system will be actively exploited by cybercriminals since no patch will be forthcoming. Organizations that still have Windows 7 computers have a couple of options for addressing this issue.

Updating to Windows 10
Whenever possible, updating a machine to the Windows 10 operating system is the correct response to the Windows 7 end of life. Depending on the Windows version in use, it may still be possible to get a free upgrade to Windows 10.

With Windows 10, users no longer have to worry about their operating system reaching end of life. Windows 10 is covered by Microsoft’s Modern Lifecycle Policy and receives features updates twice a year and security updates monthly. Installing these updates on a regular basis will ensure that a machine remains supported and protected.

Virtual Patching
For some systems, like those in critical infrastructure, upgrading to Windows 10 may not be an option due to hardware or compatibility requirements. However, these systems also need to be protected against potential exploitation of new vulnerabilities in the Windows 7 OS.

While Microsoft may no longer issue security patches for Windows 7, an intrusion prevention system (IPS) may offer “virtual patching”, where it identifies, and blocks attempted exploitation of known vulnerabilities. While this is not an ideal solution, it is better than nothing for otherwise vulnerable systems.

Dealing with Windows 7 End of Life
Microsoft has been warning consumers about the end of support for Windows 7 and attempted to transition users over to Windows 10 by offering free licenses in 2016. For those still using Windows 7 on their machines, now is the time to make the switch.