THE END OF THE LINE

It is now just over 10 years since the launch of Windows 7, and Microsoft is now, in a sense, officially consigning the operating system to the archives.

This decade anniversary is important because it was the reason why mid-January 2020 was chosen as the time when extended support for Windows 7 would end, so updates and patches are no longer routinely available.

Some further support will continue to be on offer for those willing to pay, but this will not last indefinitely, so the final end is in sight.

Microsoft previously said that it “strongly recommends that you move to Windows 10 some time before January 2020.”

But not everyone has done that, which raises the question of what the many companies whose desktops rely on Windows 7 should do to protect themselves when security patches and updates are no longer provided.

“There is potential for zero-day vulnerabilities – never-before-seen in the world,” says Karl Lankford, director, solutions engineering, BeyondTrust.

Normally, of course, the manufacturer produces fixes for such emerging vulnerabilities, but once a product goes end of life, that is no longer the case.

“The risk is the unknown unknowns. We don’t know what’s coming next. We don’t know how that will manifest itself,” says Lankford.

“We’ll see more of these vulnerabilities appear; we certainly did at the end of Windows XP support.”

Experts have noted that Windows 7 is already starting to look vulnerable from a security perspective, even before the end of life. Notably, it was the operating system most heavily affected by the WannaCry ransomware attacks of May 2017.

Windows 7 is still being used by many tens of millions of machines around the world so, as Lankford puts it, there will be “a pretty big attack surface” once it goes end of life.