The Strategies to Mitigate Cyber Security Incidents ranks timely patching of security vulnerabilities, as well as using the latest operating system, as essential mitigation strategies in preventing cyber security incidents.
On 14 January 2020, Microsoft ended support for Microsoft Windows 7. As such, organisations no longer receive patches for security vulnerabilities identified in this product. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows 7 workstations.
Organisations using Microsoft Windows 7 should upgrade to the latest version of Microsoft Windows 10 to continue receiving patches for security vulnerabilities, while also benefiting from security improvements in the newer operating system. Organisations yet to upgrade to a newer supported operating system should review their risk assessments and begin planning for the implementation of mitigation strategies to reduce their risk exposure – noting there will still be an overall increase in risk exposure until such a time that Microsoft Windows 7 is upgraded.
The advice in this publication is intended for organisations unable to upgrade from Microsoft Windows 7. The advice is separated into mitigation strategies for organisations operating an entire Microsoft Windows 7 fleet and mitigation strategies for organisations that have limited Microsoft Windows 7 deployments in order to support legacy business applications.