
Windows 7 Extended Security Updates, Windows 8.1 Reach End of Support

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.


Windows 7 reached end of life (EoL) on January 14, 2020, but Microsoft gave customers the option to continue receiving important security updates through its ESU program. However, ESUs will no longer be available for purchase after January 10, 2023.

Windows 8.1 support ends on the same day. Computers running this version of Windows will continue to function, but will no longer receive technical support, software updates and, importantly, security updates or patches. In addition, Microsoft will not be offering an ESU program for Windows 8.1.

“Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations,” the tech giant warns.

Microsoft also announced that Edge 109, scheduled for release on January 12, is the last version to support Windows 7, Windows 8.1, and Windows Server 2008 R2, Server 2012 and Server 2012 R2.

Windows Server 2012 and Server 2012 R2 will reach end of support on October 10, 2023. After this date, these operating systems will no longer receive security and non-security updates, bug fixes, technical support, or online technical content updates.

Customers that migrate applications and databases to Azure virtual machines will receive Extended Security Updates (ESUs) for free for three years after October 10. Other customers can purchase ESUs for Windows Server 2012 for up to three years, to get security updates until October 13, 2026.

Security experts urge organizations not to ignore Microsoft’s notifications, and to take steps to avoid exposing their business to a significant amount of risk.

However, there are likely many cases where it may not be easy for organizations to update their systems to supported versions of Windows, due to budget issues and the use of older hardware.


“Unfortunately, many businesses still have a heavy reliance on legacy systems including those that operate in the industrial industry and banking sector. These industries put their digital faith in systems that struggle to be updated and can’t handle being switched off for updates. Without a plan for EoL this can become a big security risk,” Joey Stanford, VP of Privacy & Security at PaaS provider Platform.sh, told SecurityWeek.

Stanford pointed out that “not all is lost” and companies can still take steps to protect vulnerable systems while they create a plan to address the EoL. For example, Windows 8.1 systems can be placed behind a dedicated firewall, which should also be complemented by an intrusion prevention system. Vulnerable systems should not be remotely accessible — a VPN should be used if remote access is necessary — and supported antimalware solutions should be installed on these devices.

Specialized third-party patching services are also available. Acros Security’s 0patch service announced last week that it will continue to develop security patches for Windows 7, Server 2008 R2 and Server 2012 (including R2).

Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, noted that Microsoft will likely still release emergency patches for critical vulnerabilities that hit Windows 8.1, but there is no guarantee.

Parkin has named several types of organizations that are more likely to be using very specialized software or have no budget for the required upgrades, including small businesses, local governments, public schools, and smaller commercial radio and television stations.

Antonio Sanchez, cybersecurity product marketing principal at cybersecurity software and services provider Fortra, also made a good point.

“If your strategy is to hope there are no new vulnerabilities discovered, here is something to keep in mind: Windows 7 had almost 1,000 new vulnerabilities after its end of life,” Sanchez said.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
