Still Using Windows 7? Beware of Hackers
Microsoft ended support for Windows 7 in January, which has implications for legacy users. So, unless you're paying for the extended security updates, your Windows 7 devices are now more vulnerable to the growing number of cyberthreats.
Ending the support lifecycle means Microsoft will no longer issue any software updates, including patches for newly discovered vulnerabilities. In Microsoft's own words, Windows 7 "will be more vulnerable to security risks and viruses due to the lack of security updates."
Hundreds of Millions of Devices Potentially Exposed
The calculation is based on the approximation that 80% of 1.2 billion Windows PCs run on Windows 10 (putting the Windows 7 market share at less than 20%).
However, analytics and data company Net Applications estimates the market share for Windows 7 laptops and desktops to be much higher, at 31.3%. That would make the number of vulnerable PCs even larger and more significant than ZDNet's.
All these numbers, of course, are guesstimates.
Even so, it's important to remember that within an organization, PCs are not the only vulnerable endpoints. Anything from connected medical devices to digital marketing billboards can run on Windows 7—so your unprotected attack surface may be much bigger than you think.
Here Are the Risks With Windows 7
To understand the risks of unsupported software, consider the variety of Windows 7 vulnerabilities already known. They range from the recently discovered cryptomining threat in WAV audio files to a directory traversal vulnerability that allows hackers to gain remote access.
In the past, Microsoft fixed these kinds of security holes through patches. The problem now is not only that Microsoft has stopped supporting the OS, but that this is public knowledge, so cybercriminals know it too. They are now much more likely to target Windows 7 systems.
Think about EternalBlue, a Windows exploit developed by the National Security Agency (NSA) that cybercriminals used in the coordinated WannaCry attack. The ransomware spread to hundreds of thousands of computers in 150 countries in just a few hours. And even two years later, researchers estimated that as many as 1.7 million computers were still vulnerable.
More recently, another exploit called BlueKeep was feared to have the ability to cause massive damage in ways similar to EternalBlue. BlueKeep could potentially self-replicate and was deemed so dangerous that the NSA issued an advisory last June urging Windows administrators and users to patch their legacy systems.
A Game Plan for Windows 7 Users
Are you a Windows 7 user now wondering what to do? Your first thought may be to opt for the extended security update plan, which buys you time. But you're looking at roughly $25 or $50 per device, depending on whether you have Enterprise or Pro versions—and that price will double in 2021, and then double again in 2022.
If you have hundreds or more Windows 7 devices, you're looking to spend thousands of dollars just to keep the legacy OS secure. In that scenario, upgrading them is probably a more cost-efficient option. You'll be forced to do it at some point anyway, and—most importantly—it's the clear choice from a cybersecurity standpoint.
However, until you’ve properly upgraded, take short-term mitigation steps for the legacy devices.
Key things to do include:
- Prevent these devices from accessing untrusted or risky content through web browsing, content-sharing, email, or removable media.
- Don't allow their use for accessing sensitive data or performing critical functions.
- Don't allow remote workers to use them, and disable remote access altogether.
Ensure You Have Complete Visibility
Vulnerability management is an important component of a strong security posture.
And the first step in managing vulnerabilities involves conducting a risk assessment. This is important regardless of what operating systems and applications you use. You can’t protect what you don’t know you have, so always take an inventory of your devices initially.
Continuous vulnerability scanning is a best practice that gives you the visibility you need to monitor your environment for risks. Conducting both internal and external scans as a constant process helps minimize your attack surface, so hackers and bad actors have fewer gaps by which they can penetrate your network.
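As an added illustration (not from the original article and not Arctic Wolf tooling), the Python example below takes a device inventory export, picks out the Windows 7 endpoints, checks each one against the short-term mitigation steps listed earlier, and totals what three years of extended security updates would cost at the prices quoted above. The inventory column names, hostnames, and sample rows are constructed for the example.

```python
import csv
import io

# Constructed sample inventory export; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """hostname,os,edition,remote_access,handles_sensitive_data,remote_worker
fin-pc-01,Windows 7,Pro,yes,yes,no
lobby-sign-02,Windows 7,Enterprise,no,no,no
hr-lt-07,Windows 10,Pro,yes,yes,yes
lab-dev-11,Windows 7,Enterprise,yes,no,yes
"""

# Year-one ESU price per device as quoted in the article (approximate USD).
ESU_BASE_PRICE = {"Enterprise": 25, "Pro": 50}

# Inventory column -> the short-term mitigation from the article it violates.
MITIGATION_CHECKS = {
    "remote_access": "remote access is enabled",
    "handles_sensitive_data": "used for sensitive data or critical functions",
    "remote_worker": "assigned to a remote worker",
}


def esu_cost(edition, years=3):
    """Total ESU cost per device, with the price doubling each year."""
    return sum(ESU_BASE_PRICE[edition] * 2 ** y for y in range(years))


def audit(inventory_csv):
    """Return (mitigation gaps per Windows 7 host, total three-year ESU cost)."""
    findings, total = {}, 0
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["os"].strip().lower().startswith("windows 7"):
            continue  # only the unsupported OS is in scope here
        total += esu_cost(row["edition"].strip())
        findings[row["hostname"]] = [
            msg for col, msg in MITIGATION_CHECKS.items()
            if row[col].strip().lower() == "yes"
        ]
    return findings, total


if __name__ == "__main__":
    findings, total = audit(SAMPLE_INVENTORY)
    for host, gaps in findings.items():
        print(f"{host}: {'; '.join(gaps) if gaps else 'mitigations in place'}")
    print(f"Three-year ESU cost for {len(findings)} devices: ${total}")
```

Hosts with an empty gap list are the ones that already satisfy the three mitigation steps; the rest are the priority for isolation or upgrade.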
However, if your IT team is stretched thin, or you don't have the in-house resources and expertise to conduct vulnerability scanning, contact Arctic Wolf®. Our SOC-as-a-service includes Arctic Wolf™ Managed Risk that helps ensure you protect your vital assets without the need to scale in-house capabilities.