Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/1/2020
10:00 AM
AJ Dunham
AJ Dunham
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

Why Are There Still So Many Windows 7 Devices?

As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.

More than six months after the end of life of Windows 7, the operating system is still alive and well. In fact, devices are nearly just as prevalent as they were last year.

Windows 7 devices accounted for 15% of all endpoint operating systems in the Forescout Device Cloud as of June. While this is not a comprehensive account of all devices, it represents a significant sample size with more than 12 million unique IT, Internet of Things, and operational technology (OT) devices across every major industry.

As a sign of the operating system's prevalence overall, it was only in January 2019 — four years after it first launched — that Microsoft's most recent operating system Windows 10 surpassed Windows 7 in usage. Microsoft put the end of life into effect January 14, 2020.

This month, the FBI issued a private industry notification warning that it had observed cybercriminals targeting outdated operating systems and recommending that companies update to the most recent versions in order to reduce risk.

"Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered," the FBI warning says. With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target, the agency adds.

The end of life of Windows 7 meant that Microsoft would no longer be issuing ongoing security updates for the operating system. While this does not make the operating system more prone to cyberattacks right away, it does mean that it will become inherently less secure over time as patches are not issued for newly found vulnerabilities. 

"You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks. Windows will operate but you will stop receiving security and feature updates," Microsoft says in a warning to users about continuing to use the out-of-date operating system. It encourages them to update to the latest version, Windows 10.

The devices still running Windows 7 could be found in companies in nearly every industry, from government to financial to manufacturing, according to the Forescout figures. These devices could include PCs, servers, and a variety of other devices, all of which at this time are unsupported from a cybersecurity perspective by Microsoft.

However, updating many of these devices isn't necessarily as simple as it might sound because there are millions of Windows 7 devices still out there, and the average organization could have hundreds or even thousands of these devices. Organizations will have to first identify which devices are still running the out-of-date operating system, then take the time to update each.

Further complicating that challenge is updating many devices in operational technology or critical infrastructure environments may unintentionally break the functionality of critical software running on that device, or the device itself. The organization may also not be able to tolerate the downtime needed to update the device if it is responsible for a critical function, such as in a healthcare or manufacturing environment. 

The continued occurrences of Windows XP, which was made end of life in 2014, illustrates this challenge of moving devices off of legacy operating systems. According to the Forescout data, tens of thousands of devices are still running Windows XP nearly six years after it is no longer supported.

Organizations who have instances of devices that cannot be updated for any of these reasons may want to consider other risk mitigation steps they can take, especially as the amount of time that the operating system has been unsupported grows. In particular, this risk underscores the benefits of a zero-trust architecture, which starts from the assumption that all devices are risky unless proven otherwise.

Implementing zero trust starts with having a deep and comprehensive understanding of all devices on the network and their risk posture, including devices like those running Windows 7 that may have additional risk factors. That context can then be turned into security policies and network segmentation strategies based on a device's individual risk posture. Ideally, an organization can implement this framework across all types of networks, including wired, wireless, cloud, and OT.

The vast majority of devices running Windows have made the upgrade to Windows 10. According to Forescout, 78% of Windows devices are running that most recent operating system, which is consistently updated with security patches. For the remaining Windows 7 devices, organizations should deploy a strategy to identify and secure them.

AJ Dunham is a seasoned security professional specializing in Network Security. He began his career working at MITRE Corporation working on Combat Information Transport Systems (CITS), a multi-billion-dollar program to refresh the US Air Force's network to support wartime, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Yenrab
100%
0%
Yenrab,
User Rank: Strategist
9/2/2020 | 3:24:38 PM
Why are you surprised?
When Microsoft, along with Intel, want to tell you exactly how you can use and configure your computer, as in "You WILL do it OUR WAY", people just get tired of it and won't upgrade.  I am typing this from an XP box.  Works just fine for almost everything I need to do.  It's not the money, it's I just don't like not being able to tailor the system the way I want.
Dr. Kevin Harris
50%
50%
Dr. Kevin Harris,
User Rank: Apprentice
9/3/2020 | 2:15:48 PM
Maintenance
Thank you for continuing to remind the user community of one of the risks of reducing maintenance budgets! 
Logrhed47
50%
50%
Logrhed47,
User Rank: Apprentice
9/3/2020 | 11:37:31 PM
Re: Why are you surprised?
Let me guess...... you work for Micosucks, or maybe Dell.  They have trashed 3 computers in the last year with updates.  They have a way of getting rid of older computers w/out going to Windows 10.  The economy needs a lift with shutdowns.   Windows 7 by the way is not as pervaasive as Windows 10 and isn't as monotonous an attempt at windows 10 as in Windows 8.  If you are happy with and can keep your older PC by all means do it.
tetevic
50%
50%
tetevic,
User Rank: Apprentice
9/4/2020 | 2:36:35 AM
Re: Why are you surprised?
I have visited a company this month where 70% of their computers were windows XP and 2k3 servers. Crazy!
cetak
50%
50%
cetak,
User Rank: Apprentice
9/6/2020 | 10:36:15 AM
Re: Why are you surprised?
I must say that overall I am really impressed with this blog.It is easy to see that you are impassioned about you writing.
andersonjosephine
50%
50%
andersonjosephine,
User Rank: Apprentice
9/24/2020 | 5:50:29 AM
How to Update Outdated Drivers on Windows 7
Such a great post about Windows 7. But I want how to Update Outdated Drivers on Windows 7, 8, 10. Can you please help.
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.