In early 2020, the decade-old Windows 7 and Windows Server 2008 R2 reached the end of life. This means that Microsoft will no longer provide technical assistance, bug-fixes, software patches, and security updates for the OS for both businesses and consumers.
Windows 7 was launched on July 22, 2009, and recent reports suggest that up to 39% of all PCs could still be running on it. With no support or patches for any new security vulnerability, all Windows 7 systems and servers running on Server 2008 R2 will now become easy targets for hackers and malware attacks. Microsoft has urged all users to upgrade to Windows 10, while the UK’s National Cyber Security Centre has issued a warning to all users to not access personal data using Windows 7 devices.
Windows 7 End of Life: What’s the Security Risk?
When an OS reaches the end of life, the obvious course of action is to upgrade to the latest or at least a supported version. But many organizations do not put this into practice immediately due to various reasons. It could because of the lack of budget, certification requirements, or operational challenges.
At any given point in time, using unsupported operating systems puts businesses at risk to major attacks. Systems and servers on unsupported operating software provide attackers an opportunity to infiltrate the network and move laterally to gain access to sensitive data and critical applications. Hackers could exploit new system vulnerabilities using phishing and malware attacks – a classic example being the WannaCry ransomware attack in May 2017, which cost the National Health Services of the UK close to £9.2 Million (approx. $12 Million).
How to Secure Legacy Systems
When a highly popular operating system like Windows 7 reaches end of life, it leaves a significant number of systems and servers vulnerable to attacks. It is now up to the security teams to ensure that these systems are protected in the best way possible. As mentioned before, the immediate upgrade to a new OS version may not always be an option. Here’s what you need to do to protect legacy systems in your network.
1. Identify Legacy and Vulnerable Systems
For small businesses, it may not be very difficult to quickly make a list of all legacy systems, but for large organizations or enterprises, there could be thousands of systems running on unsupported software. Security teams must be able to identify and visualize all endpoints and servers that are rendered vulnerable by the Windows 7 end of life. This gives you a better understanding of the threat landscape, determine systems that are more critical than others, and device a security strategy accordingly.
2. Lock Down Legacy Endpoints
Vulnerabilities in Windows have been notoriously used in the past to instigate hacks and ransomware attacks. Antivirus software, which relies largely on directories for threat detection, is not able to stop zero-day attacks by new malware strains. To counter this threat, security teams can deploy signature-less solutions that can lock down endpoints at the kernel level. With process-level control and whitelisting capabilities, all non-essential processes can be identified, flagged, and shut down, rendering legacy endpoints and servers tamper-proof.
3. Segment to Reduce the Attack Surface
With the Windows Server 2008 R2 operating system reaching end of life, all servers running on this OS also need to be protected from attacks. Once security teams have complete visibility of server communications, vulnerable servers should be identified, tagged, and segmented so that any existing and future threats can’t move laterally; a good micro-segmentation solution can help you accomplish this. Also, policies might have to be fine-tuned to limit or block communications to and from these servers to other parts of the network. This will help identify unauthorized traffic while significantly reducing the attack surface.
Systems running on the unpatched and unsupported OS are easy targets for attackers. As attacks increase in numbers and sophistication, it becomes crucial for businesses to take a proactive security posture, which means adopting security solutions that allow deep visibility, dynamic policy enforcement across on-premise and cloud, and stronger endpoint control across locations and geographies.
ColorTokens offers a new generation of proactive security that simplifies and streamlines protection and compliance for cloud workloads, applications, and endpoints.