Risks of staying with Windows 7

Windows 7 effectively expired for everyone in January 2020. Now that it’s February, are you still running Windows 7?

If you are, then here are a few reasons why you should seriously reconsider doing so. Yes, it does cost money to update, but it will cost a lot more if a business is exploited because of a Windows 7 vulnerability.

Note: At the time of writing, Windows 7 has 1283 disclosed vulnerabilities, 250 of which were found in 2019. It may be fair to assume there are a lot more undisclosed.

It’s important to take history into consideration. We’re all taught from a young age that to avoid repeating mistakes we need to learn from them: if we fall off a wall it hurts, so we don’t do it again. We’re also taught to learn from the mistakes of others. With this in mind, let’s look back at what happened when Windows XP reached its end of life.

Over the years Microsoft Windows XP has had a total of 741 disclosed vulnerabilities, and it’s fair to say that potentially 11 of these were after the EOL (end of life) date of April 8th 2014. This doesn’t sound hugely scary, because 11 risks out of 741 is about 1.5%, but it only takes one. That’s exactly what happened when the devastating WannaCry hit in May 2017. One of the major contributing factors to the success of this particularly nasty strain of ransomware was the fact that Microsoft was no longer patching Windows XP, and unfortunately a lot of people thought there was no risk in continuing to use an operating system that had reached end of life.

Fortunately for users of Windows XP, Microsoft was kind enough to push an out-of-band patch, but they may not do this next time for Windows 7; they may simply take the approach of “you should have learned with XP”. WannaCry, as many may remember, caused a devastating impact everywhere, and although its duration was short, the business impact was huge. Within 72 hours of it being released and hitting the news, businesses were calling all clients and suppliers to ensure things were patched. If you haven’t patched, you had better have a very good excuse, or a controlled environment for your EOL devices.

Aside from the vulnerability risks, and hackers and state organisations potentially having ways into legacy systems hidden in their back pockets, it is a good idea to keep up to date for compatibility.

Microsoft is only responsible for patching its own technology and systems, but what about 3rd party software that is no longer supported or patched and only works on Windows XP? The supplier of that software may find it makes more financial sense to say “sorry, we don’t support it any more and you must buy new software”, at which point some businesses may decide to keep using it and carry on working. In this scenario there are two risks which could be exploited: 1) the legacy operating system and 2) the 3rd party software that is no longer supported.

There are also usability issues. If you buy some new technology, such as a new office-wide printer that’s clever and can lock printing to user IDs with passwords etc., it may not work on unsupported operating systems. That results in some people using old printers, not printing at all, or, even worse, printing sensitive information on a personal printer at home! Imagine the GDPR complications with that last scenario if information got leaked. The company wouldn’t really have any way to defend itself. “We were running an out of date computer and the employee took information home to print on a personal device”. Good luck!!

Considering the above situations and the lessons learnt, if you have Windows 7 PCs, or Windows Server 2008 and 2008 R2, running on your network, it’s time to get rid of them or upgrade them to the latest version. If you have to keep using such a system because of a compatibility issue, make sure you use that device in a very controlled and monitored environment.

Our advice is to do this sooner rather than later; you won’t regret it. If you need any help or guidance, let us know and we can happily have a chat to see how we may help.

Reference: Windows XP CVE database


Reference: Windows 7 CVE Database


