Five Network Security Risks Created by Windows EOL

Federated Service Solutions Data security

Windows 7 EOL Security Risks

At the time of its release on July 22, 2009, Windows 7 was arguably the most secure desktop operating system at that time. As mentioned in previous blogs (EOL Dates: Windows 7, Windows POSReady 7 & POSReady 2009 and Windows 7 EOL: 3 Things To Do Right Now) Windows 7 and POSReady 7 have entered their End of Life stage and Microsoft now offers only Extended Support. Upgrading to Windows 10 and Windows 10 IoT Enterprise will be a daunting and expensive task for many organizations. But there is a significant risk in not upgrading Windows 7 and POSReady 7. Read on to learn the five network security risks created by Windows EOL.

1. Meltdown and Spectre Vulnerabilities

As we discussed in a previous blog, Meltdown and Spectre increase the risk of exposure of cardholder payment data. To briefly recap: Meltdown is a more straightforward and immediate threat to CPUs. It affects primarily Intel’s CPUs but has also been found in some ARM CPUs. Meltdown makes it possible to break the isolation between the user applications and the operating system. Vulnerable systems are at risk of leaking sensitive and secure information. Spectre is not as urgent of a threat but is more insidious. It is harder to exploit, but harder to mitigate. Spectre breaks the isolation between applications and allows an attacker to use something as simple as running JavaScript on a website to get access to sensitive and previously secure information. It’s not just Intel Chips that are susceptible. Virtually every high-performance processor ever made is susceptible to Spectre. Microsoft will not be releasing any updates to Windows 7 or POSReady 7 to correct these vulnerabilities.

2. The End of Windows Security Updates

The Windows 7 End of Life Extended Support will end on January 14, 2020. Once Extended Support is over Microsoft will no longer provide critical security updates. As a brief recap, Microsoft will continue to patch any security threats and provide hotfixes (a hotfix is software code that fixes a bug in the product). However, only the most critical security updates will be provided. Once Microsoft has ended the Extended Support Phase security updates will no longer be provided and computer and POS equipment will be extremely vulnerable not only to new security threats, but also to the theft of customer, employee and company data.

Windows EOL

3. Loss of Compliance and PCI Standards

Retailers that do not comply with PCI standards could be at risk for data breaches, data theft, fines, card replacement costs, expensive forensic audits and investigations into their business, brand damage, and more. The biggest penalty of course, will be the permanent loss of customers due to a data breach and/or theft. Unfortunately, PCI compliance is a moving target. Companies that experienced breaches were most often not compliant at the time of the breach. Every new potential weakness identified in processing systems creates the need for a new security patch to be installed on all computer and point of sale hardware. Problem: Companies cannot update for security flaws for which no updates have been released. This is also true for other regulated industries such as finance and healthcare that process large amounts of sensitive customer data. Once Extended Support ends, security updates will no longer be released and companies are at risk of losing compliance.

4. Windows 10 is More Secure Than Windows 7

Windows 10 has improved security built into the operating system as well as immunity from over eight years of security threats that did not exist when Windows 7 was released. Also, Windows 7 does not support the latest AMD, Intel and Qualcomm chips that have been designed to mitigate the Meltdown and Spectre threats.

5. Legacy Applications and Security Updates

It’s not just hardware components such as processing chips that are vulnerable to security threats. Older applications that are no longer supported with security updates can also lead to increased threats of data theft. These applications will no longer be able to receive security updates, nor updates to applications that can provide faster processing times and improved performance.

Choosing to upgrade to Windows 10 and Windows 10 IoT Enterprise is not an easy decision. It’s important though to know the risks for not upgrading so you can begin planning your strategy to minimize cost and customer disruptions as much as possible.

Windows 7 End-of-life approaches. Download your t-do list.