FBI Issues Warning on Windows 7 EOL
On Monday, August 3, the FBI sent out a private industry notification urging organizations to upgrade systems still running on Windows 7. Microsoft ended support for Windows 7 more than six months ago. Microsoft allows Windows 7 systems to upgrade to Windows 10 at no cost. However, older hardware may not have the capacity to support Windows 10, so an upgrade would necessitate purchasing new equipment.
Over the last five months, much of the corporate infrastructure has been operated remotely, previously isolated systems may have been made remotely accessible, and lifecycle plans were placed on hold. The security posture of Windows 7 has not improved during this time. Do not allow direct internet access to Windows 7 systems, and do not allow them direct access to your corporate network, whether remote or local. Remote workers running Windows 7, who are not currently behind the corporate perimeter, should be at the top of the equipment replacement list.
While companies should migrate to more modern operating systems, the reality is that some computers will remain on older platforms. This is due to dependencies in legacy applications, embedded operating systems in devices, or lack of budget. Your vulnerability management strategy should include how you manage the risks associated with outdated operating systems and software for which no patches or updates may be available. Things to consider include enhanced monitoring, filtering of network traffic, segmenting vulnerable systems from other parts of your network, and updating both your incident response and business continuity plans.