Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/1/2020
10:00 AM
AJ Dunham
AJ Dunham
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

Why Are There Still So Many Windows 7 Devices?

As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.

More than six months after the end of life of Windows 7, the operating system is still alive and well. In fact, devices are nearly just as prevalent as they were last year.

Windows 7 devices accounted for 15% of all endpoint operating systems in the Forescout Device Cloud as of June. While this is not a comprehensive account of all devices, it represents a significant sample size with more than 12 million unique IT, Internet of Things, and operational technology (OT) devices across every major industry.

As a sign of the operating system's prevalence overall, it was only in January 2019 — four years after it first launched — that Microsoft's most recent operating system Windows 10 surpassed Windows 7 in usage. Microsoft put the end of life into effect January 14, 2020.

This month, the FBI issued a private industry notification warning that it had observed cybercriminals targeting outdated operating systems and recommending that companies update to the most recent versions in order to reduce risk.

"Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered," the FBI warning says. With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target, the agency adds.

The end of life of Windows 7 meant that Microsoft would no longer be issuing ongoing security updates for the operating system. While this does not make the operating system more prone to cyberattacks right away, it does mean that it will become inherently less secure over time as patches are not issued for newly found vulnerabilities. 

"You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks. Windows will operate but you will stop receiving security and feature updates," Microsoft says in a warning to users about continuing to use the out-of-date operating system. It encourages them to update to the latest version, Windows 10.

The devices still running Windows 7 could be found in companies in nearly every industry, from government to financial to manufacturing, according to the Forescout figures. These devices could include PCs, servers, and a variety of other devices, all of which at this time are unsupported from a cybersecurity perspective by Microsoft.

However, updating many of these devices isn't necessarily as simple as it might sound because there are millions of Windows 7 devices still out there, and the average organization could have hundreds or even thousands of these devices. Organizations will have to first identify which devices are still running the out-of-date operating system, then take the time to update each.

Further complicating that challenge is updating many devices in operational technology or critical infrastructure environments may unintentionally break the functionality of critical software running on that device, or the device itself. The organization may also not be able to tolerate the downtime needed to update the device if it is responsible for a critical function, such as in a healthcare or manufacturing environment. 

The continued occurrences of Windows XP, which was made end of life in 2014, illustrates this challenge of moving devices off of legacy operating systems. According to the Forescout data, tens of thousands of devices are still running Windows XP nearly six years after it is no longer supported.

Organizations who have instances of devices that cannot be updated for any of these reasons may want to consider other risk mitigation steps they can take, especially as the amount of time that the operating system has been unsupported grows. In particular, this risk underscores the benefits of a zero-trust architecture, which starts from the assumption that all devices are risky unless proven otherwise.

Implementing zero trust starts with having a deep and comprehensive understanding of all devices on the network and their risk posture, including devices like those running Windows 7 that may have additional risk factors. That context can then be turned into security policies and network segmentation strategies based on a device's individual risk posture. Ideally, an organization can implement this framework across all types of networks, including wired, wireless, cloud, and OT.

The vast majority of devices running Windows have made the upgrade to Windows 10. According to Forescout, 78% of Windows devices are running that most recent operating system, which is consistently updated with security patches. For the remaining Windows 7 devices, organizations should deploy a strategy to identify and secure them.

AJ Dunham is a seasoned security professional specializing in Network Security. He began his career working at MITRE Corporation working on Combat Information Transport Systems (CITS), a multi-billion-dollar program to refresh the US Air Force's network to support wartime, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
andersonjosephine
50%
50%
andersonjosephine,
User Rank: Apprentice
9/24/2020 | 5:50:29 AM
How to Update Outdated Drivers on Windows 7
Such a great post about Windows 7. But I want how to Update Outdated Drivers on Windows 7, 8, 10. Can you please help.
tetevic
50%
50%
tetevic,
User Rank: Apprentice
9/4/2020 | 2:36:35 AM
Re: Why are you surprised?
I have visited a company this month where 70% of their computers were windows XP and 2k3 servers. Crazy!
Logrhed47
50%
50%
Logrhed47,
User Rank: Apprentice
9/3/2020 | 11:37:31 PM
Re: Why are you surprised?
Let me guess...... you work for Micosucks, or maybe Dell.  They have trashed 3 computers in the last year with updates.  They have a way of getting rid of older computers w/out going to Windows 10.  The economy needs a lift with shutdowns.   Windows 7 by the way is not as pervaasive as Windows 10 and isn't as monotonous an attempt at windows 10 as in Windows 8.  If you are happy with and can keep your older PC by all means do it.
Dr. Kevin Harris
50%
50%
Dr. Kevin Harris,
User Rank: Apprentice
9/3/2020 | 2:15:48 PM
Maintenance
Thank you for continuing to remind the user community of one of the risks of reducing maintenance budgets! 
Yenrab
100%
0%
Yenrab,
User Rank: Strategist
9/2/2020 | 3:24:38 PM
Why are you surprised?
When Microsoft, along with Intel, want to tell you exactly how you can use and configure your computer, as in "You WILL do it OUR WAY", people just get tired of it and won't upgrade.  I am typing this from an XP box.  Works just fine for almost everything I need to do.  It's not the money, it's I just don't like not being able to tailor the system the way I want.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25660
PUBLISHED: 2020-11-23
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph...
CVE-2020-25688
PUBLISHED: 2020-11-23
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a...
CVE-2020-25696
PUBLISHED: 2020-11-23
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating sy...
CVE-2020-26229
PUBLISHED: 2020-11-23
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability...
CVE-2020-28984
PUBLISHED: 2020-11-23
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.