We’ve already had ample warning that Windows 7 and derivatives are reaching the end of life, but what is actually going to happen on January 15th? Previously, Microsoft was content to just let the devices fall off on their own, but devices with XP hung on for years past what anyone expected. Many of us still deal with the odd Server 2003 machine. Microsoft has also been receiving a bit of ire for their forced upgrades on Windows 10, so it should come as no surprise that they’re going to do the same with Windows 7.
Microsoft has stated that the December 10th rollup KB4530734 will show a full-screen popup telling users that Windows 7 has reached the end of life and there will be no further updates without purchasing extended support. The popup will require user interaction. The good news is that Microsoft has stated that this will not affect machines in kiosk mode or machines joined to a domain. This patch also applies to Windows Server 2008 R2.
Since Windows 7 and Server 2008 (R2) are all going out of support, they will also be going out of compliance (e.g. PCI compliance). Most compliance specifications have something touching on updated software or operating systems. To make it even worse, usually just a single agent at the site is enough to blow the compliance status of the entire site.
PCI compliance, HIPAA compliance, ISO 27001, etc. all require operating systems to be supported and up to date. Out-of-date OSes create massive issues and can be a huge security vulnerability. The compliance headache of a violation alone should be enough to move most businesses, but unfortunately, it’s not unless it’s explained correctly. Your business should know that a compliance violation can be grounds for a fine or lawsuit if you don’t act.
Windows 7 and Server 2008 (R2) going out of support is one of the many security concerns for 2020. It’s also one of the easiest to address, but many organizations want to hold out like they did for XP. The popup won’t be showing up for domain-joined machines though, so the people who need it the most probably won’t see it.
There are some serious security risks to consider with Windows 7 and derivatives. First, there aren’t going to be any more updates. That means the next Spectre or SWAPGS is probably going to be there to stay. Microsoft may have relented with XP, but the nagware and the push towards Windows 10, with its inability to avoid patching, are a direct action to force upgrades this time around.
Microsoft isn’t the only one planning to drop support for Windows 7; its decision gives third-party software developers a reason to drop it as well. From advanced security software to basic accounting software, all of them will drop support sooner rather than later. It only makes sense to drop a platform without vendor support since it means less testing and less support for something which should be gone already.
Holding Out for Windows 7
Microsoft doesn’t have to worry about too many holdouts. Windows 7 will have been supported for almost a decade, and they stopped selling licenses in 2016. Modern hardware doesn’t support it, and come January 15, 2020, new hardware will begin to work less and less with Windows 7.
The machines from early in Windows 7’s life cycle have ancient dual-core processors and some even have 2GB or 4GB of RAM, which is almost unusable with the modern internet. They’re littered with old spinning rust drives which have long since passed the 3-year reliability mark, and early generation SSDs, some of which didn’t even have TRIM. Microsoft is just going to let attrition take out the few holdouts where they can. After all, how long are these machines going to be usable?
Avoid Security Ramifications of Windows 7
Microsoft has “forgotten” to close a loophole which can be used to upgrade from Windows 7 or 8.1 to Windows 10 for free. Upgrading is the easiest way to avoid security issues. This method also wholesale avoids the compliance issue if you can do this across the entire organization.
Obviously, upgrading everything isn’t always possible. Some legacy programs require Windows 7 or older, and there can be other compelling reasons a client doesn’t want to upgrade. Even though they may have good enough reasons, their decision or limitation is still going to present security issues.
We previously went over how to circumvent some of these limitations. Airgap the environment with legacy bits as much as possible and use virtualization where possible. This won’t necessarily solve your compliance woes entirely, but it does reduce them.
Capitalizing on the End of Windows 7 and Server 2008 (R2)
You can bet hardware manufacturers and technical companies are going to take the chance to cash in on the end of Windows 7 and Server 2008 (R2).
A new computer shouldn’t have issues with Windows 10, but that Windows 7 machine may just simply not be compatible. How old is it by the way? Can you get parts if it dies? How business essential is that machine?
If you decide to keep some Windows 7 or Server 2008 (R2) servers, you need to have the uncomfortable talk about security. It’s not going to be supported, so who ends up supporting it? You do! The networks with legacy OSes need to be segmented off as much as possible and made as secure as possible. This can require new networking equipment if the old stuff just doesn’t cut it.
Countless service, software, and hardware companies are all looking to cash in on the mass exodus from Windows 7. Make your life easier and spend less now rather than later, when things can get ugly, like the brakes of a car. It’s cheaper to change your brake pads than to ignore them and have to repair a multitude of issues later because, quite frankly, you ignored the red flags. Become secure and compliant again without wasting any more time.
KB4530734 probably won’t affect your enterprise, but it shows what Microsoft is planning. They learned from the inertia against moving away from Windows XP. The same tricks forcing people between upgrades of Windows 10 are going to be used against Windows 7 holdouts.
Don’t expect KB4530734 to be the last move to push people from Windows 7. Expect more nagware and inconvenience to force upgrades to either extended support or Windows 10.
The popup is going to be the least of your worries if you don’t act now. With modern security threats and the growing interconnection of every device, you need to be on top of security or risk the destruction of your business. Your livelihood is on the line if you don’t act, and Microsoft has no qualms about doing what is necessary to ensure upgrades. Move now or risk compliance and security issues.