Today is the 14th of January. If you look after Windows devices on an enterprise network, that date may be ringing a few bells. If not, it probably should be, because we’re exactly one year away from Windows 7 going out of extended support.
Why is this important?
As Microsoft say in their article on what this means, “An unsupported version of Windows will no longer receive software updates from Windows Update. These updates include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows—such as new drivers for your hardware”.
Many of you will remember when Windows XP went out of support in 2014. It wasn’t long after that before exploitation of the final version of the platform became fairly widespread. Malware can spread much more easily on obsolete platforms because, without security updates, known vulnerabilities will remain un-patched. As a result, it’s crucial to move away from them as quickly as possible.
Stay up to date
Windows 10, version 1809 is the latest version of the Windows and we’re working on guidance for its new features as I write this. We currently have published EUD guidance for Windows 10 1803 when using both MDM management, or traditional Active Directory management. However, don’t wait for us to release guidance for the new version (1809) before upgrading – the 1803 guidance will continue to work just fine on 1809.
Whilst we’re on the subject, it’s worth thinking about how long your Windows 10 devices will be supported for. Windows 10 support lifetime depends on which edition you use: Home/Pro editions of 1709 go out of support in April this year, and Enterprise/Education editions of 1607 do likewise, so you should be updating as soon as possible if you haven’t already.
Upgrade not an option?
If you’re really stuck and unlikely to make the deadline, there are some steps you can take to minimise the risk of using obsolete platforms.
Whilst these measures won’t remove the risks entirely, there are some practical steps you can take to lower them in our Obsolete Platforms Security Guidance. Risk managing obsolete platforms comes at a cost (e.g. of usability due to limited access or functionality), so you should really only do this as a last resort.
We know there are costs involved in keeping up to date. However, doing so is one of the most effective ways of keeping your networks and devices secure - this is why planning your upgrades far in advance is especially important.
As always, please leave any comments or questions you may have below.
EUD Security Research Lead