HKCERT Calls for Attention on End of Support for Windows 7, Windows Server 2008 and 2008 R2

Release Date: 22 Nov 2019 4163 Views

[Updated on 2023-01-06] 

Microsoft will stop providing security updates and technical support to all Windows 7 and Windows 8.1 systems (including those subscribed the Extended Security Update) on January 10, 2023. According to the latest figures, about 10% of Windows computers in Hong Kong still use these 2 versions. HKCERT recommends users should migrate to other supported versions or operating systems as soon as possible.

 

 

 

From 14 January 2020, computers running on Windows 7, Windows Server 2008 and 2008 R2 operating systems (OSs) will no longer receive free technical support, software and security updates from Microsoft [1][2]. In other words, users whose machines are still using the abovementioned OSs after support ends will be exposed to attacks targeting their unpatched vulnerabilities.

 

Market Share of Windows 7 in Hong Kong

Released just over a decade ago, Windows 7 has been one of the most popular OSs of Microsoft. According to the latest StatCounter figures [3], with only two months till the end of support, Windows 7 still accounts for 28% of desktop Windows market share in Hong Kong (Figure 1).

 

 

(Figure 1: Desktop Windows OS Market Share in Hong Kong from Oct 2018 to Oct 2019)

 

HKCERT urges Windows 7 users to upgrade or migrate their OS to a supported version (e.g. Windows 10 or other OS developers’ supported OSs) as soon as possible.

 

Risks of Using End of Support (EOS) Operating Systems

  1. Since EOS OSs will no longer receive any patches or security updates, subsequent vulnerabilities may increase the potential risk of information and data leakages.
  2. Computers with EOS OSs in a closed network are not immune from hackers or malware upon successful infiltration of the internal network.
  3. Other software packages running on EOS OSs may not be able to upgrade or migrate to the latest supported OSs due to compatibility issues, thus resulting in security threats because of subsequent unfixed vulnerabilities.
  4. Enterprises will have to pay hefty amount to maintain EOS OSs, such as adding an extra layer of protection (e.g. virtual patching), purchasing extended support coverage and consuming extra efforts in maintaining multiple versions of OSs.

Security Recommendations

  1. HKCERT urges all affected Windows and Windows Server users to upgrade or migrate their OSs to supported versions as soon as possible. To ensure smooth migration and mitigate potential risk, users need to have comprehensive planning.
  2. For those already with plans to upgrade their OSs but unable to do so before the EOS deadline, they can buy the Extended Security Update (ESU) services from Microsoft to secure extra time [4].
  3. For legacy systems whose applications are not compatible with security patch and ESU services are not applicable, they should be placed in an isolated network.

 

Note:

[1] Microsoft: Windows 7 support will end on January 14, 2020

https://support.microsoft.com/en-us/help/4057281/windows-7-support-will-end-on-january-14-2020

[2] Microsoft: End of support for Windows Server 2008 and Windows Server 2008 R2

https://support.microsoft.com/en-us/help/4456235/end-of-support-for-windows-server-2008-and-windows-server-2008-r2

[3] StatCounter Global Stats

https://gs.statcounter.com/

[4] Microsoft: Extended Security Update (ESU)

https://www.microsoft.com/en-us/cloud-platform/extended-security-updates

 

Share with

Previous

More than a year after GDPR comes into force…

30 Sep 2019 4044 Views

Next

HKCERT and Microsoft Hong Kong Launch City's First Healthcare Cyber Security Watch Programme

13 Dec 2019 5038 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY