The Strategies to Mitigate Cyber Security Incidents ranks timely patching of extreme risk security vulnerabilities in operating systems, as well as using the latest suitable versions of operating systems, as essential mitigation strategies in preventing cyber security incidents.
On 14 January 2020, Microsoft will end support for Microsoft Windows 7. After this date, organisations will no longer receive patches for security vulnerabilities identified in this product. Subsequently, adversaries may use these unpatched security vulnerabilities to target Microsoft Windows 7 workstations, thereby increasing the likelihood of a successful targeted cyber intrusion.
Organisations using Microsoft Windows 7 are strongly recommended to upgrade to the latest version of Microsoft Windows 10 by January 2020. Organisations yet to upgrade to a newer supported operating system by this date should review their risk assessments and begin planning for the implementation of mitigation strategies to reduce their risk exposure – noting there will still be an overall increase in risk exposure until such a time that Microsoft Windows 7 is upgraded.
The advice in this publication is intended for organisations unable to upgrade from Microsoft Windows 7 by Microsoft’s end of support date. The advice is separated into mitigation strategies for organisations operating an entire Microsoft Windows 7 fleet and mitigation strategies for organisations that have limited Microsoft Windows 7 deployments in order to support legacy business applications.