The UK’s National Cyber Security Centre (NCSC) has urged organizations still on Windows 7 to plan now for the end of extended support in a year’s time.
The GCHQ arm reminded IT managers that the operating system will no longer receive free updates from January 14 2020.
That means any machines still running the operating system after that date could be exposed to a greater risk of malware and may become unreliable.
The NCSC drew parallels with the end of support for Windows XP in 2014.
“It wasn’t long after that before exploitation of the final version of the platform became fairly widespread. Malware can spread much more easily on obsolete platforms because, without security updates, known vulnerabilities will remain unpatched. As a result, it’s crucial to move away from them as quickly as possible,” it explained.
“We know there are costs involved in keeping up to date. However, doing so is one of the most effective ways of keeping your networks and devices secure - this is why planning your upgrades far in advance is especially important.”
For organizations unable for any reason to migrate swiftly to Windows 10 — for example if there are compatibility issues with legacy software — the NCSC has listed a few key short-term recommendations.
These include preventing access to untrusted services and removable media, converting systems to thin clients, removing access for remote workers and applying anti-malware and intrusion detection tools.
For those businesses keen to remain on Windows 7 beyond January 14 2020, Microsoft is also offering Extended Security Updates (ESUs), which will be priced per device and will increase in cost every year until January 2023.
Another option is to buy the Windows Virtual Desktop service, virtualizing Windows 7 on Azure VMs. This option comes with free ESUs but will also be available only for three years.