Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:05 PM
Connect Directly

Windows 7 End-of-Life: Are You Ready?

Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.

Microsoft will terminate support for Windows 7 on January 14, 2020. That may seem far off, but the clock is ticking – and security and IT teams have sixteen months to figure out a plan.

Many businesses already have the ball rolling, notes Andrew Hewitt, Forrester analyst serving infrastructure and operations professionals, who says the upcoming end-of-life "is a major point of focus for a lot of organizations I'm working with right now."

Hewitt points to "a massive push toward Windows 10" as organizations prep for Microsoft to terminate Windows 7 support. However, different businesses are approaching the Windows 10 upgrade in different ways, which largely depend on their size and maturity, he says.

Windows 10 readiness varies widely. More than half of respondents in a recent survey by Avecto say they're ready for the migration; however, 44% are unsure about their plans or feel unprepared. Part of the problem is awareness: 30% think the end of life for Windows 7 has already occurred, and only 30% knew the date of Microsoft's planned termination, according to the report, which polled 500 IT and security pros on their preparedness to upgrade to the new OS, as well as the related benefits and risks. 

The most surprising finding in the survey was the lack of certainty around the end-of-life for Windows 7, says Kevin Alexandra, principal consultant at Avecto. "It's the default operating system for most businesses – has been for the past few years," he adds. As Microsoft continues to push the Windows 7 end-of-life, companies are reluctant to fix something they don't see as broken.

What's Holding Them Back?

Compounding this reluctance are myriad challenges associated with upgrading an operating system that so many devices and applications rely on, says Hewitt, who says the biggest hurdle will be preparing on-premise legacy applications for the transition.

Organizations with a huge number of legacy apps, especially without a virtualized environment, will have a difficult time testing them for Windows 10 compatibility. "It can take a lot more time to make sure those apps are ready," he adds, especially when focusing on mission-critical tools.

The Windows 10 upgrade is a "very manual process," Hewitt continues, and it slows companies down. Most folks are aiming to complete their transition by 2020 and they're worried they won't make their deadline because of the manual compatibility testing processes. They need to test driver compatibility, create test groups, and make sure everything works.

"That's been a huge source of anxiety," he says. "There's a lot of clients out here who have successfully made the transition, but the majority are trying to figure out how to do this most efficiently with the least impact on their user base."

Companies are also worried about security and have vulnerable endpoints and malware at top of mind, Avecto researchers found. Forty percent say their top security concern is protecting remote workers and other employees who operate off the network. The biggest issue with securing remote workers and employees who BYOD is ensuring their endpoints are secure.

Microsoft Responds, Eases Up

The Windows 10 upgrade poses a tough transition for many. Hewitt points out how Microsoft, which started out aggressively pushing the new OS, has made some changed to ease the process of managing Windows 10 for companies with a long road ahead.

It's a fundamentally different from earlier versions of Windows, he explains. Many companies weren't sure if they were agile enough to handle an OS upgrade every six months, or manage their traditional systems along with the cloud-based Windows 10 model. As an example, Microsoft has offered more options to make it easier to combine cloud and PC management.

In some ways, the transition from Windows 7 to Windows 10 will be easier than past Windows migrations, says Alexandra, pointing to the example of getting new users on board. With its new OS, Microsoft has been pushing consumers to adopt Windows 10 at home; as a result, when it lands on their corporate endpoints, it will already be familiar to them.

"People are finding it significantly easier and a large part of that is user acceptance," he says. Employees are learning nuances like how account control works with underlying architecture.

For Windows 7 Pro and Windows 7 Enterprise customers, Microsoft is offering an option to continue Windows 7 Extended Security Updates (ESUs) for additional charge through January 2023. The Windows 7 ESUs will be available to all Windows 7 Pro and Enterprise customers in Volume Licensing, and they will be sold on a per-device basis with price increasing each year. Microsoft won't be introducing new features as part of the package; this is primarily intended to keep machines secure until a full enterprise upgrade is complete.

How You Can Prepare

If you haven't started to prepare for the Windows 10 migration, Hewitt recommends starting with an inventory of applications to be tested. Understand how important those applications are; figure out whether they're security-related, mission critical, or common among end users, and prioritize your list based on those needs. Survey your employees to figure out which apps they value and consider these when building your testing process.

He also advises joining the Windows Insider program, which lets members test updates ahead of their release. Educate yourself on what an update will, and will not, allow you to do.

"Really areas people need to think about are security testing, mission critical application testing, limiting end user downtime, and having a strong focus on making sure people aren't disrupted as a result of these updates," says Hewitt.

Alexandra advises using the upgrade as an opportunity to take advantage of security tools in Windows 10. Application control and least privilege accounts, for example, are two additions to leverage and improve on users' overall security.

Related Content:


Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
10/25/2018 | 7:09:01 AM
Remember Windows XP effort
THAT was a forever migration and there are still some machines out there.  And not legacy systems either, not many.  Windows 7 was about 3 years being pushed into corp America mostly because there was no "migration" per se - it was copy user data and re-install everything, then copy back.  In my small accounts, I ensured that user data was saved to THE SERVER so I had no problem with backing stuff up.  A universal good idea and also ensures BACKUP protection too. ( Hello Ransomware) to an offsite system.  I was part of a team at Groupe Clarins doing that in 2013 or so and it was a fun, though demanding, exercise.  

Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.