
10/24/2018
04:05 PM

Windows 7 End-of-Life: Are You Ready?

Microsoft will terminate support for Windows 7 in January 2020, but there's still some confusion among enterprises about when the OS officially gets retired.

Microsoft will terminate support for Windows 7 on January 14, 2020. That may seem far off, but the clock is ticking – and security and IT teams have sixteen months to figure out a plan.

Many businesses already have the ball rolling, notes Andrew Hewitt, Forrester analyst serving infrastructure and operations professionals, who says the upcoming end-of-life "is a major point of focus for a lot of organizations I'm working with right now."

Hewitt points to "a massive push toward Windows 10" as organizations prep for Microsoft to terminate Windows 7 support. However, different businesses are approaching the Windows 10 upgrade in different ways, which largely depend on their size and maturity, he says.

Windows 10 readiness varies widely. More than half of respondents in a recent survey by Avecto say they're ready for the migration; however, 44% are unsure about their plans or feel unprepared. Part of the problem is awareness: 30% think the end of life for Windows 7 has already occurred, and only 30% knew the date of Microsoft's planned termination, according to the report, which polled 500 IT and security pros on their preparedness to upgrade to the new OS, as well as the related benefits and risks. 

The most surprising finding in the survey was the lack of certainty around the end-of-life for Windows 7, says Kevin Alexandra, principal consultant at Avecto. "It's the default operating system for most businesses – has been for the past few years," he adds. As Microsoft continues to push the Windows 7 end-of-life, companies are reluctant to fix something they don't see as broken.

What's Holding Them Back?

Compounding this reluctance are myriad challenges associated with upgrading an operating system that so many devices and applications rely on, says Hewitt, who adds that the biggest hurdle will be preparing on-premises legacy applications for the transition.

Organizations with a huge number of legacy apps, especially without a virtualized environment, will have a difficult time testing them for Windows 10 compatibility. "It can take a lot more time to make sure those apps are ready," he adds, especially when focusing on mission-critical tools.

The Windows 10 upgrade is a "very manual process," Hewitt continues, and it slows companies down. Most folks are aiming to complete their transition by 2020 and they're worried they won't make their deadline because of the manual compatibility testing processes. They need to test driver compatibility, create test groups, and make sure everything works.

"That's been a huge source of anxiety," he says. "There's a lot of clients out here who have successfully made the transition, but the majority are trying to figure out how to do this most efficiently with the least impact on their user base."

Companies are also worried about security and have vulnerable endpoints and malware at top of mind, Avecto researchers found. Forty percent say their top security concern is protecting remote workers and other employees who operate off the network. The biggest issue with securing remote workers and employees who BYOD is ensuring their endpoints are secure.

Microsoft Responds, Eases Up

The Windows 10 upgrade poses a tough transition for many. Hewitt points out how Microsoft, which started out aggressively pushing the new OS, has made some changes to ease the process of managing Windows 10 for companies with a long road ahead.

It's fundamentally different from earlier versions of Windows, he explains. Many companies weren't sure if they were agile enough to handle an OS upgrade every six months, or manage their traditional systems along with the cloud-based Windows 10 model. As an example, Microsoft has offered more options to make it easier to combine cloud and PC management.

In some ways, the transition from Windows 7 to Windows 10 will be easier than past Windows migrations, says Alexandra, pointing to the example of getting new users on board. With its new OS, Microsoft has been pushing consumers to adopt Windows 10 at home; as a result, when it lands on their corporate endpoints, it will already be familiar to them.

"People are finding it significantly easier and a large part of that is user acceptance," he says. Employees are learning nuances like how account control works with underlying architecture.

For Windows 7 Pro and Windows 7 Enterprise customers, Microsoft is offering an option to continue Windows 7 Extended Security Updates (ESUs) for an additional charge through January 2023. The Windows 7 ESUs will be available to all Windows 7 Pro and Enterprise customers in Volume Licensing, and they will be sold on a per-device basis with the price increasing each year. Microsoft won't be introducing new features as part of the package; this is primarily intended to keep machines secure until a full enterprise upgrade is complete.

How You Can Prepare

If you haven't started to prepare for the Windows 10 migration, Hewitt recommends starting with an inventory of applications to be tested. Understand how important those applications are; figure out whether they're security-related, mission critical, or common among end users, and prioritize your list based on those needs. Survey your employees to figure out which apps they value and consider these when building your testing process.

He also advises joining the Windows Insider program, which lets members test updates ahead of their release. Educate yourself on what an update will, and will not, allow you to do.

"Really areas people need to think about are security testing, mission critical application testing, limiting end user downtime, and having a strong focus on making sure people aren't disrupted as a result of these updates," says Hewitt.

Alexandra advises using the upgrade as an opportunity to take advantage of security tools in Windows 10. Application control and least privilege accounts, for example, are two additions to leverage and improve on users' overall security.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
REISEN1955,
User Rank: Ninja
10/25/2018 | 7:09:01 AM
Remember Windows XP effort
THAT was a forever migration and there are still some machines out there. And not legacy systems either, not many. Windows 7 was about 3 years being pushed into corp America mostly because there was no "migration" per se - it was copy user data and re-install everything, then copy back. In my small accounts, I ensured that user data was saved to THE SERVER so I had no problem with backing stuff up. A universal good idea and also ensures BACKUP protection too. (Hello Ransomware) to an offsite system. I was part of a team at Groupe Clarins doing that in 2013 or so and it was a fun, though demanding, exercise.

 