Windows 7 end of support: Separating the bull from the horns
There’s a lot of misinformation about Win7 end-of-life bouncing around the blogosphere. While the last free official Win7/Server 2008 R2 patch appeared yesterday, there’s more to the story. No need to go running to the nearest soothsayer with your wallet open, in spite of what you may have read.
Karl Sigler, Threat Intelligence Manager, Trustwave SpiderLabs:
“The End of Life means that Microsoft will no longer provide security updates like the ones listed below. This will increase the risk assumed by those organizations that continue to run Windows 7 or 2008, and we expect attackers will begin actively looking for those operating systems as a ‘soft spot’ for a compromise. For instance, shortly after Windows XP went into End of Life, we saw widespread exploitation with the WannaCry campaign. While Microsoft did eventually release security fixes for XP, there’s no assurance that the same would occur with Windows 7 if there were a similar campaign today. With the concerns around last year’s potentially ‘wormable’ BlueKeep (CVE-2019-0708) and new vulnerabilities discovered every month, this is not a time to let your systems go without security patches.”
Read the Patch Tuesday blog breakdown: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/patch-tuesday-january-2020/