Windows 7 has reached end of life and now isn’t supported by Microsoft. It means businesses and consumers with PCs running on Windows 7 – which was introduced in 2009 – will no longer receive technical assistance, software patches and security updates from Microsoft, unless they want to pay extra.

Microsoft has urged users still running Windows 7 to upgrade to Windows 10 to continue to receive technical support. But despite these warnings coming over a number of years, it’s estimated that 200 million PC users are still running Windows 7.

Put simply, if a new security vulnerability or software bug is uncovered in Windows 7, Microsoft is no longer obliged to release any sort of patch to fix the issue on the unsupported operating system; and that’s something that could put individuals and organisations that still rely on Windows 7 in danger from cyberattacks, hacking and malware.

Such is the potential risk posed by this that the UK’s National Cyber Security Centre – the cyber arm of the GCHQ intelligence service – has issued a warning over the continued use of Windows 7 PCs and laptops, telling users they shouldn’t use Windows 7 devices when accessing personal data.

“The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates that help protect their devices,” an NCSC spokesperson told ZDNet.

“We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts. They should also consider accessing email from a different device.”

Individuals who haven’t upgraded to Windows 10 will inevitably face security risks should they stick with Windows 7, but for organisations that continue to use Windows 7, the potential risks are much greater.

Businesses hold data on large groups of people and it’s not beyond the realms of possibly that attackers could exploit new vulnerabilities uncovered in Windows 7 to maliciously infiltrate networks via phishing or malware attacks and gain access to that data. The global WannaCry ransomware attack of May 2017 demonstrated how vulnerable machines that haven’t received security updates can be to hackers.

Then last year, researchers detailed BlueKeep, another Windows vulnerability that could have a similar impact. Therefore, by continuing to use an unsupported operating system, organisations are putting themselves at unnecessary risk from major attacks that exploit any new vulnerabilities found in Windows 7.

“In May, we learned about the BlueKeep vulnerability which, if exploited, could allow an unauthenticated remote attacker to connect to a Windows server via remote desktop protocol (RDP) and execute arbitrary code on the remote server. Both Windows 7 and XP are still at risk of this exploit,” said Sivan Nir, threat intelligence team leader at Skybox Security.

“While some vulnerabilities have network-based mitigation alternatives to patching, like applying an IPS-based signature, this will not be the case for the majority of vulnerabilities. Windows XP users are currently sitting ducks. Now, Windows 7 users will join them,” she added.

Even for organisations that have pushed towards upgrading their PC environment from Windows 7 to Windows 10, there’s still the potential that there could be some Windows 7 devices left lurking on the network – and it could be a good idea for organisations who’ve upgraded their architecture to double-check something hasn’t been missed.

“The simple fact is that ‘if you can’t measure it, you can’t manage it’. In other words, if you don’t routinely check your own network for what is on it, you’ll never confidently be able to say what isn’t there,” said Paul Ducklin, principal security researcher at Sophos.

Devices ranging from laptops users have brought from home to things like marketing kiosks and virtual billboards could all potentially be running on Windows 7 and could all have potentially been missed in initial examinations of the network.

Organisations should ensure they really do know what’s on their networks – because with Windows 7 out-of-support, hackers will be looking for any unsupported and unpatched device they can take advantage of as as an entry point into the network.

“If you don’t take stock of your network by scanning it and measuring it to see how much Windows 7 you really have, the chances are the cybercrooks will surely do it for you,” said Ducklin.

Despite Windows 7 reaching end of life, some organisations remain resistant to upgrading, often citing that the change will be complex or expensive. However, by choosing to use an unsupported version of Windows 7, it might only be a matter of time before an organisation finds itself falling victim to cyber attackers looking to target the decade-old operating system.

“Ultimately, these organisations need to upgrade and the sooner the better. Cyberattacks aren’t going to disappear overnight; security teams should be working to protect their organisations’ networks. If they don’t upgrade soon, then worst-case scenario could be another WannaCry-style attack.” said Nir.

“Even though businesses are reluctant to purchase more recent versions of Windows, keeping themselves without security updates is incredibly dangerous, and the risk of financial and reputational damage is huge. For those who don’t have a clear plan to move away from Windows 7, it is about time to create one,” she said.

Source: ZDnet.com

Zeo can help get your windows 10 upgrade completed making sure your operating system is running at optimal performance, while keeping your business network secure.  CONTACT US TODAY!

The post Windows 7 end of life: Security risks and what you should do next appeared first on Zeo Technologies.

Microsoft this week reworked its Windows 10 development model, severing links between features and specific releases so that it can deliver the former “when they are ready.”
“While features in the active development branch may be slated for a future Windows 10 release, they are no longer matched to a specific Windows 10 release,” Brandon LeBlanc, a senior program manager on the Windows Insider team, wrote in a Dec. 16 post to a company blog. “New features and OS improvements done in this branch during these development cycles will show up in future Windows 10 releases when they are ready.”

Since Windows 10’s mid-2015 launch, Microsoft has publicly linked features to their intended releases, usually by introducing them in a blog post connected to the preview build in which they debuted. Microsoft has reinforced those connections by repeatedly trumpeting major new features each time it describes the coming release. On occasion, the linkages have had to be broken as the Redmond, Wash. company retracted a feature previously scheduled for a specific release. But that has been rare.

(One of the most prominent features backed out of a release was Windows Sets, which had been touted in 2017 and slated for a 2018 upgrade but ended up as a no-show.)

The difference between the old way and LeBlanc’s description of the new may be too subtle to be noticeable by outsiders. In the past, Microsoft almost certainly did not share everything related to scheduling the contents of a then-upcoming-now-past upgrade. Just as certainly, that will be the case going forward. What Microsoft doesn’t tell customers are, to quote a former Secretary of Defense, the “unknown unknowns — the ones we don’t know we don’t know.”

But by claiming “when they are ready” as the guide for future features, Microsoft implied that at least some had not been so when they were baked into past upgrades. That’s a puzzling tack, even risky, if customers pause a moment to absorb the phrase and inevitably wonder, “Wait, weren’t they ready before?”

Microsoft’s newfound stance on “not until it’s ready” was reminiscent of browser makers, who have long used that model as they crank out seven or more new versions annually. For browser developers, it’s nothing for a feature to miss the intended “train” or version; the feature can catch the next six or eight weeks later. That was the whole point of a more-is-better release strategy.

The analogy doesn’t track exactly, though. That’s because new Windows 10 features can catch only two trains each year, not seven or eight (as with Chrome) or 12 or 13 (Firefox). Miss one and there’s at least a six-month wait.

Or double that.

In 2019, Microsoft launched a major release in the spring and a minor one in the fall, making the latter little more than a rerun of the former, a “service pack” retread with few new features, none of significance. If Microsoft maintains that cadence in 2020 and beyond, delayed features of substance could be postponed a full year.

Speaking of major and minor….

Microsoft has yet to answer one of the questions about Windows 10 from 2019: Is the major (spring) and minor (fall) upgrade slate a one-off or the new normal?

More than a month ago, Computerworld predicted that Microsoft would tip its hand when it started previewing the version of Windows that was to follow 2004, the Spring 2020 upgrade that by accounts is finished or nearly so. If Microsoft began seeding Insider participants with early code for 21H1 (Microsoft’s code name for the upgrade eventually released in Spring 2021), 2020 would repeat the cadence of 2019, a major, then a minor release. But if Microsoft instead slotted next year’s second upgrade, 21H2, into Insider, it would be evidence that it was reverting to the 2017-2018 model of two relatively equal feature upgrades.

What Computerworld failed to consider — like someone asked to predict a coin flip not accounting for it to end on its edge — was neither. By separating features from specific releases, Microsoft is able to dodge the question of what comes after Windows 10 2004. What it will preview via Insider could be destined for 20H2, 21H1 or neither.

Nor did Le Blanc give any clues. “We may deliver these new features and OS improvements as full OS build updates or servicing releases,” he wrote, covering both major (full OS) and minor (servicing) releases.

Cynics might be tempted to see the whole instance — the talk of “when they are ready” — as a smokescreen that lets Microsoft put off deciding which upgrade cadence to adopt for 2020. There may be something to that: Microsoft has said it is “closely monitoring feedback” from the major-minor “pilot” of 2019. What with the year’s minor refresh, 1909, having been available for just a month and seeing as how businesses have likely done next to nothing with the service pack since, there probably is little to no feedback to monitor at this point. The firm may want more time to evaluate the 2019 cadence and whether it worked for the most important customers, enterprises.

By claiming that no feature will be assigned a specific upgrade before its time, Microsoft can continue to issue new code for Insiders to test without committing to a release model.

Slow down

Although it can be dangerous to ascribe rationales to decisions others make — it risks organizing something without coherence — that’s not stopped Computerworld.
Separating features from releases so that the former is added to the latter only “when they are ready” may signal that Microsoft expects a slow, if not necessarily slower, upgrade pace — one that is, if nothing else, unhurried.

(If so, the debacle of Windows 10 1809 must still sting in Redmond more so than it has let on publicly. By slowing down the release tempo, Microsoft and its Insiders get more time to test.)

That, in turn, hints at the slower of the two cadences in question: 2019’s major-minor releases.

But if that is to be the case, why bother changing the feature-release relationship? Assuming the tempo of this year is retained next, what’s the purpose of Microsoft saying “((features)) are no longer matched to a specific Windows 10 release”?

Is it because the linkage will be increasingly unimportant, and because there will be really just one feature upgrade annually? What, exactly, was the purpose of this year’s 1909, an update that was in no way an upgrade, what with so few new features, enhancements or improvements over 1903? Was it only to have a release that qualified for 30 months of support for Windows 10 Enterprise users?

That could be arranged without the hassle of building a Potemkin upgrade for the fall: Simply announce that the spring refresh, the one that actually includes new functionality and features, will be supported for 30 months on Windows 10 Enterprise and Windows 10 Education.

And then boot the fall upgrade so that there’s only one each year.

Source:  ComputerWorld

The post Microsoft dissolves links between features and Windows 10 releases appeared first on Zeo Technologies.