With the events of this year, January seems more like a different lifetime than merely 6 months ago. And while the date may not make history books as a top event of 2020, January 14 marked an important date in the world of technology: the end of extended support for Windows 7.
On January 14, 2020, Microsoft officially ended extended support of Windows 7. This discontinued updates and new releases, since the initial end of support was announced on January 13, 2015. Now, the only people that can still receive security updates and patches are paid subscribers of Windows 7 Extended Security Updates (ESU). Those subscribers continued to receive patches as part of Microsoft’s Patch Tuesday, through 2023. However, Microsoft has since released two updates for all users, regardless of if they subscribed to the update program or not.
The first software patch was a mere month after the end of support. Microsoft released a patch to resolve a black wallpaper issue, a problem caused by the last Windows 7 update that was released just before EOS. The second mass-issued update came in June to roll out the new Microsoft Edge browser to PCs that were not connected to Active Directory. Other than those two updates, Windows 7 users who have not subscribed to ESU have been left to their own defenses.
While Microsoft’s two mass updates resolved issues of inconvenience, neither provided protection for users against security breaches or hackers. Hacking groups have taken advantage of this vulnerability. Groups like China’s Winnti hackers, as explained by an article on Naked Security, have found new targets in the months after EOS–many being gaming companies.
“This was a well-resourced effort that used a stolen digital certificate to sign Winnti malware drivers although the use of the Windows x64 Driver Signature Enforcement Overrider (DSEFix) bypass, which doesn’t work on Windows 10, suggests the malware is old and most likely targeted Windows 7 machines,” the article states.
Then in late March, Microsoft disclosed a new Windows 7 code vulnerability that was actively being exploited by hackers and used to target Adobe product users through the Windows Adobe Type Manager Library, a font rendering tool. While the attacks were considered “limited” by Microsoft, the vulnerability allowed for a potential hacker to run code or malware on the attacked device, convincing the user to open a document or window that would then be used to access the machine. Adobe identified the program as exclusive to Microsoft Windows, meaning that not all Adobe users were at risk.
The vulnerability was not only found in Windows 7, but also Windows 10, 8.1, Server 2008, Server 2012, Server 2016, Server 2019, and Server. Versions succeeding Windows 7 were issued updates to resolve the vulnerability, and Windows 7 ESU subscribers received a patch the following month. But, non-subscribers were again left unprotected.
At the end of the day, Microsoft is still singing the same tune from before EOS: upgrade or run the risk. In response to the Adobe attacks, Microsoft issued the following statement:
“For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.”
The messaging has remained consistent – Windows 10 is simply better equipped to limit attacks than earlier versions. And when it comes time to upgrade, PCmover is Microsoft’s ONLY recommended PC migration solution, helping you transfer the data that matters to you.
PCmover allows for quick data and profile migrations, from consumers & small home offices, to SMBs, government agencies, and large enterprise organizations.
Why run the risk of a malware attack any longer? Migrate to Windows 10, and let us help you find the solution that best suits your use case!
Windows 7 Migration Kit – Save up to 50% on PCmover! – Designed to lower the risk of continued Windows 7 use, and ease the transition to Windows 10 for both businesses and home users.
For MSPs, System Integrators, and IT Service professionals looking for a scalable migration solution, PCmover has earned the loyalty and trust of millions of organizations and customers worldwide. Get your free, fully-functional license of PCmover Enterprise here.
Neil is the Senior Director of Inside Sales & Marketing at Laplink. His sales and marketing expertise includes email marketing, lead nurturing, marketing automation, database marketing, user experience optimization, website optimization, testing, PPC (Pay Per Click), Google analytics and social media. Prior to joining Laplink, he was Account Director at Indigo Slate, Senior Account Manager at Oracle, and Dell Brand Manager and Digital Marketing Manager at Zones, Inc. Neil holds a Bachelor of Arts degree in Communications, Advertising and Business from Brigham Young University. Neil’s hobbies include playing golf and competitive volleyball. When he’s not busy spending time with his family, you'll find him on the golf course perfecting his swing!
Read more about Neil Minetto...
Add Comment