Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/1/2020
10:00 AM
AJ Dunham
AJ Dunham
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

Why Are There Still So Many Windows 7 Devices?

As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.

More than six months after the end of life of Windows 7, the operating system is still alive and well. In fact, devices are nearly just as prevalent as they were last year.

Windows 7 devices accounted for 15% of all endpoint operating systems in the Forescout Device Cloud as of June. While this is not a comprehensive account of all devices, it represents a significant sample size with more than 12 million unique IT, Internet of Things, and operational technology (OT) devices across every major industry.

As a sign of the operating system's prevalence overall, it was only in January 2019 — four years after it first launched — that Microsoft's most recent operating system Windows 10 surpassed Windows 7 in usage. Microsoft put the end of life into effect January 14, 2020.

This month, the FBI issued a private industry notification warning that it had observed cybercriminals targeting outdated operating systems and recommending that companies update to the most recent versions in order to reduce risk.

"Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered," the FBI warning says. With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target, the agency adds.

The end of life of Windows 7 meant that Microsoft would no longer be issuing ongoing security updates for the operating system. While this does not make the operating system more prone to cyberattacks right away, it does mean that it will become inherently less secure over time as patches are not issued for newly found vulnerabilities. 

"You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks. Windows will operate but you will stop receiving security and feature updates," Microsoft says in a warning to users about continuing to use the out-of-date operating system. It encourages them to update to the latest version, Windows 10.

The devices still running Windows 7 could be found in companies in nearly every industry, from government to financial to manufacturing, according to the Forescout figures. These devices could include PCs, servers, and a variety of other devices, all of which at this time are unsupported from a cybersecurity perspective by Microsoft.

However, updating many of these devices isn't necessarily as simple as it might sound because there are millions of Windows 7 devices still out there, and the average organization could have hundreds or even thousands of these devices. Organizations will have to first identify which devices are still running the out-of-date operating system, then take the time to update each.

Further complicating that challenge is updating many devices in operational technology or critical infrastructure environments may unintentionally break the functionality of critical software running on that device, or the device itself. The organization may also not be able to tolerate the downtime needed to update the device if it is responsible for a critical function, such as in a healthcare or manufacturing environment. 

The continued occurrences of Windows XP, which was made end of life in 2014, illustrates this challenge of moving devices off of legacy operating systems. According to the Forescout data, tens of thousands of devices are still running Windows XP nearly six years after it is no longer supported.

Organizations who have instances of devices that cannot be updated for any of these reasons may want to consider other risk mitigation steps they can take, especially as the amount of time that the operating system has been unsupported grows. In particular, this risk underscores the benefits of a zero-trust architecture, which starts from the assumption that all devices are risky unless proven otherwise.

Implementing zero trust starts with having a deep and comprehensive understanding of all devices on the network and their risk posture, including devices like those running Windows 7 that may have additional risk factors. That context can then be turned into security policies and network segmentation strategies based on a device's individual risk posture. Ideally, an organization can implement this framework across all types of networks, including wired, wireless, cloud, and OT.

The vast majority of devices running Windows have made the upgrade to Windows 10. According to Forescout, 78% of Windows devices are running that most recent operating system, which is consistently updated with security patches. For the remaining Windows 7 devices, organizations should deploy a strategy to identify and secure them.

AJ Dunham is a seasoned security professional specializing in Network Security. He began his career working at MITRE Corporation working on Combat Information Transport Systems (CITS), a multi-billion-dollar program to refresh the US Air Force's network to support wartime, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
andersonjosephine
50%
50%
andersonjosephine,
User Rank: Apprentice
9/24/2020 | 5:50:29 AM
How to Update Outdated Drivers on Windows 7
Such a great post about Windows 7. But I want how to Update Outdated Drivers on Windows 7, 8, 10. Can you please help.
cetak
50%
50%
cetak,
User Rank: Apprentice
9/6/2020 | 10:36:15 AM
Re: Why are you surprised?
I must say that overall I am really impressed with this blog.It is easy to see that you are impassioned about you writing.
tetevic
50%
50%
tetevic,
User Rank: Apprentice
9/4/2020 | 2:36:35 AM
Re: Why are you surprised?
I have visited a company this month where 70% of their computers were windows XP and 2k3 servers. Crazy!
Logrhed47
50%
50%
Logrhed47,
User Rank: Apprentice
9/3/2020 | 11:37:31 PM
Re: Why are you surprised?
Let me guess...... you work for Micosucks, or maybe Dell.  They have trashed 3 computers in the last year with updates.  They have a way of getting rid of older computers w/out going to Windows 10.  The economy needs a lift with shutdowns.   Windows 7 by the way is not as pervaasive as Windows 10 and isn't as monotonous an attempt at windows 10 as in Windows 8.  If you are happy with and can keep your older PC by all means do it.
Dr. Kevin Harris
50%
50%
Dr. Kevin Harris,
User Rank: Apprentice
9/3/2020 | 2:15:48 PM
Maintenance
Thank you for continuing to remind the user community of one of the risks of reducing maintenance budgets! 
Yenrab
100%
0%
Yenrab,
User Rank: Strategist
9/2/2020 | 3:24:38 PM
Why are you surprised?
When Microsoft, along with Intel, want to tell you exactly how you can use and configure your computer, as in "You WILL do it OUR WAY", people just get tired of it and won't upgrade.  I am typing this from an XP box.  Works just fine for almost everything I need to do.  It's not the money, it's I just don't like not being able to tailor the system the way I want.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...