Upgrade Your End-of-Support Microsoft Products as Soon as Possible
If your refrigerator supplier stops providing maintenance services, will you “ignore it” and let the refrigerator’s fresh-keeping and refrigeration functions gradually disappear to become a hotbed for gems? Likewise, the security risks you face will only increase if you stick to computer operating systems and programs that no longer receive any official patches, technical support, and security updates.
In November last year, Microsoft announced that a series of products including Microsoft Office 2013, Windows Server 2012 and 2012 R2 will reach the end of support (EOS) this year . However, according to the latest data from third-party search engine , as of January 2023, there are around 97,000 computers in Hong Kong that are still running on Windows Server 2012 and 2012 R2.
Risks of Using End of Support Applications and Operating Systems:
- Since EOS Applications and Operating Systems (OSs) will no longer receive any patches, technical support, and security updates, whenever new security vulnerabilities appear, hackers and malware are easier to infiltrate, leading to a higher risk of a data breach;
- Running EOS applications and OSs might lead to software compatibility issues; and
- Due to compliance regulation and system security policy of specific industries, using the EOS OSs might not be certified or lead to compliance issues
HKCERT’s Security Advice:
- Related users should plan and upgrade their operating systems to supported versions as soon as possible, (e.g., Microsoft Office LTSC 2021/ 365 and Windows Server 2022).
- For those already with plans to upgrade their operating systems, but unable to do so before the deadline, they can purchase Extended Security Updates (ESU) service from Microsoft to secure extra time, if applicable . For example, users of Windows Server 2012/R2 who have purchased ESU services can still receive critical and important security updates until 13 October 2026.
- Migrate to Cloud Virtual Machines (some cloud service providers will provide ESU for 3 years after the end of support); and
- For legacy applications that are not compatible with the supported OS version or patches provided by the ESU service, placing the related system on an isolated network is recommended. System administrators should source an alternative application compatible with the supported OS version.
Users can refer to the following table to view the end-of-support date of the relevant products. For other details, please refer to the official announcement. (* applicable to Extended Security Update program)
|Product||End of Support|
|January 10, 2023|
|April 11, 2023|
|July 11, 2023|
|October 10, 2023|