Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
AJ Dunham
AJ Dunham
Connect Directly
E-Mail vvv

Why Are There Still So Many Windows 7 Devices?

As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.

More than six months after the end of life of Windows 7, the operating system is still alive and well. In fact, devices are nearly just as prevalent as they were last year.

Windows 7 devices accounted for 15% of all endpoint operating systems in the Forescout Device Cloud as of June. While this is not a comprehensive account of all devices, it represents a significant sample size with more than 12 million unique IT, Internet of Things, and operational technology (OT) devices across every major industry.

As a sign of the operating system's prevalence overall, it was only in January 2019 — four years after it first launched — that Microsoft's most recent operating system Windows 10 surpassed Windows 7 in usage. Microsoft put the end of life into effect January 14, 2020.

This month, the FBI issued a private industry notification warning that it had observed cybercriminals targeting outdated operating systems and recommending that companies update to the most recent versions in order to reduce risk.

"Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered," the FBI warning says. With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target, the agency adds.

The end of life of Windows 7 meant that Microsoft would no longer be issuing ongoing security updates for the operating system. While this does not make the operating system more prone to cyberattacks right away, it does mean that it will become inherently less secure over time as patches are not issued for newly found vulnerabilities. 

"You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks. Windows will operate but you will stop receiving security and feature updates," Microsoft says in a warning to users about continuing to use the out-of-date operating system. It encourages them to update to the latest version, Windows 10.

The devices still running Windows 7 could be found in companies in nearly every industry, from government to financial to manufacturing, according to the Forescout figures. These devices could include PCs, servers, and a variety of other devices, all of which at this time are unsupported from a cybersecurity perspective by Microsoft.

However, updating many of these devices isn't necessarily as simple as it might sound because there are millions of Windows 7 devices still out there, and the average organization could have hundreds or even thousands of these devices. Organizations will have to first identify which devices are still running the out-of-date operating system, then take the time to update each.

Further complicating that challenge is updating many devices in operational technology or critical infrastructure environments may unintentionally break the functionality of critical software running on that device, or the device itself. The organization may also not be able to tolerate the downtime needed to update the device if it is responsible for a critical function, such as in a healthcare or manufacturing environment. 

The continued occurrences of Windows XP, which was made end of life in 2014, illustrates this challenge of moving devices off of legacy operating systems. According to the Forescout data, tens of thousands of devices are still running Windows XP nearly six years after it is no longer supported.

Organizations who have instances of devices that cannot be updated for any of these reasons may want to consider other risk mitigation steps they can take, especially as the amount of time that the operating system has been unsupported grows. In particular, this risk underscores the benefits of a zero-trust architecture, which starts from the assumption that all devices are risky unless proven otherwise.

Implementing zero trust starts with having a deep and comprehensive understanding of all devices on the network and their risk posture, including devices like those running Windows 7 that may have additional risk factors. That context can then be turned into security policies and network segmentation strategies based on a device's individual risk posture. Ideally, an organization can implement this framework across all types of networks, including wired, wireless, cloud, and OT.

The vast majority of devices running Windows have made the upgrade to Windows 10. According to Forescout, 78% of Windows devices are running that most recent operating system, which is consistently updated with security patches. For the remaining Windows 7 devices, organizations should deploy a strategy to identify and secure them.

AJ Dunham is a seasoned security professional specializing in Network Security. He began his career working at MITRE Corporation working on Combat Information Transport Systems (CITS), a multi-billion-dollar program to refresh the US Air Force's network to support wartime, ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/24/2020 | 5:50:29 AM
How to Update Outdated Drivers on Windows 7
Such a great post about Windows 7. But I want how to Update Outdated Drivers on Windows 7, 8, 10. Can you please help.
User Rank: Apprentice
9/4/2020 | 2:36:35 AM
Re: Why are you surprised?
I have visited a company this month where 70% of their computers were windows XP and 2k3 servers. Crazy!
User Rank: Apprentice
9/3/2020 | 11:37:31 PM
Re: Why are you surprised?
Let me guess...... you work for Micosucks, or maybe Dell.  They have trashed 3 computers in the last year with updates.  They have a way of getting rid of older computers w/out going to Windows 10.  The economy needs a lift with shutdowns.   Windows 7 by the way is not as pervaasive as Windows 10 and isn't as monotonous an attempt at windows 10 as in Windows 8.  If you are happy with and can keep your older PC by all means do it.
Dr. Kevin Harris
Dr. Kevin Harris,
User Rank: Apprentice
9/3/2020 | 2:15:48 PM
Thank you for continuing to remind the user community of one of the risks of reducing maintenance budgets! 
User Rank: Strategist
9/2/2020 | 3:24:38 PM
Why are you surprised?
When Microsoft, along with Intel, want to tell you exactly how you can use and configure your computer, as in "You WILL do it OUR WAY", people just get tired of it and won't upgrade.  I am typing this from an XP box.  Works just fine for almost everything I need to do.  It's not the money, it's I just don't like not being able to tailor the system the way I want.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-16
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused att...
PUBLISHED: 2021-05-16
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the othe...
PUBLISHED: 2021-05-16
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
PUBLISHED: 2021-05-16
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
PUBLISHED: 2021-05-16
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.