InfoSec Insider

The Windows 7 Postmortem: What’s at Stake

Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.

In January 2020, Microsoft officially ended its extended support and discontinued patching of Windows 7. Despite the long lead time and repeated reminders, numbers since the COVID-19 pandemic have shown a slight uptick in Windows 7 deployments. The recent estimates show that more than 26 percent of endpoints were still running Windows 7 as of March, most likely due to organizations deploying older machines to support suddenly remote workers.

If an organization of any size is still running systems on Windows 7, the end of support means those devices remain exposed to new exploits and vulnerabilities, but will no longer receive security patches or Microsoft Security Essentials antivirus definitions. Once software becomes unsupported, any vulnerability found in it will remain present indefinitely. As these vulnerabilities stack up, the risk grows because an attacker has ever more options for exploiting the systems. There is also a reduced chance that new vulnerabilities are disclosed at all, because the vendor is unlikely to do anything to remedy them.

Organizations that hold back on upgrades are rolling the dice and will likely incur huge risk. In fact, a vast majority of threat actors continue to utilize known vulnerabilities to compromise low-hanging fruit. While the use of Windows XP has diminished over the years, when these machines are found on a network by an attacker, it immediately reveals a weakness in the attack surface. It is only a matter of time before Windows 7 discovery follows suit.

We could also start seeing an increase in service-based attacks that leverage vulnerabilities in Remote Desktop Protocol (RDP), Server Message Block (SMB) and other exposed services now that Windows 7 support has terminated. In fact, global manufacturers reliant on internet of things (IoT) devices were recently hit with a malware campaign that exploited weaknesses in Windows 7 directly tied to the SMB protocol. The risk will continue to grow as third-party software products also end support for the OS.

There are also broader business advantages at risk beyond security. Organizations could miss out on the productivity gains that come with supported software, suffer reduced operational compatibility with partner software and lose interoperability with software within managed environments. Ultimately, failures in these areas could lead to a number of compliance issues with a much broader impact on the bottom line.

So, what’s the holdup on migration?

More often than not, it comes down to disruption of the operational workflow. On one hand, a small business may lack the resources for a full upgrade; on the other, a large enterprise faces the daunting task of migrating many thousands of machines, while also having to overcome silos between security and business teams along the way.

While organizations will never fully be protected from vulnerabilities found after end-of-life (EOL), there are steps to mitigate threats and minimize the damage actors can do as much as possible, while security and IT teams work towards a system upgrade.

  • IT and security teams need to come together and establish an audit of services and hardware connected to the network, creating a full picture of every device, status, upgrading capability and other factors.
  • Minimize your attack surface by keeping all third-party software updated. While the core OS will not be supported, updates to software such as Firefox and Chrome will still be distributed. Apply all available patches as soon as possible to close that window of attack and minimize the attack surface.
  • Segment your vulnerable devices on the network as much as possible. This will help contain the threat and greatly aid in remediation.
  • Disable services that are often taken advantage of by attackers, such as RDP and SMB on Windows 7 devices.
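The four steps above can be tied together on each endpoint that cannot be migrated yet. The following PowerShell script is an added example, not code from the article or from Automox: it records the audit facts for one host (OS version, whether RDP is reachable, whether SMBv1 is still on), then closes RDP and SMBv1 on confirmed Windows 7 machines. It assumes Windows 7 SP1 with its built-in PowerShell 2.0 and an elevated session. The registry values and service names are Microsoft's documented ones (the SMBv1 steps follow KB2696547); the function names, the `C:\audit` output folder and the `-StopServerService` switch are this example's own choices.

```powershell
# Added example (not from the article): audit-and-harden helper for a Windows 7
# endpoint that cannot be migrated yet. Assumes Windows 7 SP1, PowerShell 2.0 and
# an elevated (Administrator) session. Registry paths and service names are
# Microsoft's documented ones; function names and the audit folder are
# assumptions made for this example.

# Step 1 (audit): gather the facts an inventory needs for this machine.
function Get-LegacyHostState {
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ts  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $srv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # When the SMB1 value is absent, Windows 7 behaves as if SMBv1 were enabled.
    $smb1 = 1
    if ($srv.PSObject.Properties['SMB1']) { $smb1 = $srv.SMB1 }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        OSCaption     = $os.Caption
        OSVersion     = $os.Version                       # 6.1.7601 = Windows 7 SP1
        IsWindows7    = ($os.Version -like '6.1.*' -and $os.ProductType -eq 1)
        RdpEnabled    = ($ts.fDenyTSConnections -eq 0)    # 0 = connections allowed
        Smb1Enabled   = ($smb1 -ne 0)
        ServerService = (Get-Service -Name LanmanServer).Status
    }
}

# Step 2 (harden): close the two services the article singles out.
function Disable-LegacyRemoteServices {
    param([switch]$StopServerService)   # also stop file/print sharing entirely

    # RDP: deny inbound Terminal Services connections and close the firewall group.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -Value 1 -Type DWord
    & netsh advfirewall firewall set rule group="remote desktop" new enable=no | Out-Null

    # SMBv1 server side (KB2696547): SMB1 = 0 under LanmanServer\Parameters.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name SMB1 -Value 0 -Type DWord -Force

    # SMBv1 client side (KB2696547): remove mrxsmb10 from the workstation
    # dependencies and keep the driver from starting. SMBv2 (mrxsmb20) stays.
    & sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    & sc.exe config mrxsmb10 start= disabled | Out-Null

    if ($StopServerService) {
        # Only for hosts that serve no file or printer shares at all.
        Stop-Service -Name LanmanServer -Force
        Set-Service  -Name LanmanServer -StartupType Disabled
    }
    # The SMB changes take effect after the next reboot.
}

# Usage (run elevated): audit, act only on a confirmed Windows 7 host, re-audit.
$auditDir = 'C:\audit'
New-Item -ItemType Directory -Path $auditDir -Force | Out-Null

$before = Get-LegacyHostState
$before | Export-Csv -Path "$auditDir\$($env:COMPUTERNAME)-before.csv" -NoTypeInformation

if ($before.IsWindows7 -and ($before.RdpEnabled -or $before.Smb1Enabled)) {
    Disable-LegacyRemoteServices
    Get-LegacyHostState |
        Export-Csv -Path "$auditDir\$($env:COMPUTERNAME)-after.csv" -NoTypeInformation
}
```

The before/after CSV pair per host is what feeds the inventory from the first bullet; collecting them centrally shows which legacy machines still expose RDP or SMBv1. `Set-SmbServerConfiguration` is deliberately not used because that cmdlet does not exist on Windows 7, which is why the registry and `sc.exe` route from KB2696547 is taken. The `-StopServerService` switch is kept opt-in: stopping LanmanServer also removes SMBv2 sharing, which breaks hosts that legitimately serve files or printers.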

While the above measures may provide a temporary stopgap, it’s simply not worth the risk to avoid an upgrade. Given that the average time to weaponizing a new bug is seven days, IT and SecOps teams have 72 hours to harden systems before malicious players weaponize the exposed vulnerabilities. Using Windows 7 after EOL without paid extended support leaves any organization at risk and unable to meet the 24/72 Mean Time to Hardening threshold. That expands the attack surface and leaves infrastructure open to attack. Ultimately, keeping the digital landscape up to date helps enterprises of all sizes present a smaller target to malicious threats.

Richard Melick is senior technical product manager at Automox.


  • Tony N on

    As long as I have antivirus I'm never giving up my Windows 7. Love my Windows 7.
    • MyTechacct on

      Agreed 100%. Ditto! Did you know the British Government made an exclusive contract with Microsoft? They are still using Windows XP. If I have to step off Windows 7 it will be into Linux Mint, where I can then customize it to look and perform just like Windows 7, only more secure :) I refuse to step into Windows 10 outside the professional environment.
  • Larry Mestas on

    Why does Windows not like to work with external hard drives? Windows sees them in Device Manager but I can't access them.
  • Daniel Davis on

    LOL. Totally the place to ask for technical help.
  • todd on

    RDP and SMB? That's your suggestion? Those should already be disabled assuming tools like smss don't need it. Should have nothing to do with win7 vs win10.
  • Anonymous on

    Not a good idea because it's not getting security updates
  • Alpo Värri on

    Some use Windows 7 because their hardware or essential legacy software is not supported in Windows 10. We do use other than Office software, too.
  • Alexandru on

    Windows 10 - It's a privacy nightmare, Microsoft introduced a lot of new features in Windows 10 such as Cortana. However, most of them are violating your privacy. Data syncing is by default enabled. Browsing history and open websites. Apps settings. WiFi hotspot names and passwords. Your device is by default tagged with a unique advertising ID. Used to serve you with personalized advertisements by third-party advertisers and ad networks. Cortana can collect any of your data. Your keystrokes, searches and mic input. Calendar data. Music you listen to. Credit Card information. Purchases. Microsoft can collect any personal data. Your identity. Passwords. Demographics. Interests and habits. Usage data. Contacts and relationships. Location data. Content like emails, instant messages, caller list, audio and video recordings. Your data can be shared. When downloading Windows 10, you are authorizing Microsoft to share any of above-mentioned data with any third-party, with or without your consent.
  • Erik J Friesen on

    If paid extended support exists, there are no easy channels to find it.
  • mytechacct on

    Thank you!! But try telling people this... pffft. Sheeple, the darndest thing you will ever see.
