What the End of Windows 7 Means for Your Organization – and How to Stay Secure

Microsoft recently announced that it will officially begin the “End of Life” phase for Windows 7 in January 2020, meaning that it will no longer update or support the OS after that date. Even 10 years after its initial release, Windows 7 is still an incredibly popular OS and is used by millions of people and businesses worldwide. In fact, Windows 7 is still being used on 30.92% of PCs worldwide as of August 2019.

Security is a critical consideration when it comes to the support and maintenance of any operating system and this recent news from Microsoft means that anyone who continues to use Windows 7 may be at a higher risk of being a target for a malicious hack.

Our COO, Maureen Gray, sat down to answer some of the most pressing questions about the End of Life phase for Windows 7 and what you need to know:

What does this mean for businesses who use Windows 7?

Microsoft’s End of Life (EOL) announcement serves as a notification that after January 14, 2020 the company will stop supporting Windows 7 on both PCs and laptops. Most importantly, this means that Microsoft will no longer provide updates or patch security holes in the operating system. So, they will not be responsible for putting out any fixes for vulnerabilities or compatibility issues that emerge. To put that into perspective, Microsoft patched 29 vulnerabilities in April 2019 alone – designating six as critical and 23 as important.

Because vulnerabilities will no longer receive an immediate fix, they can more easily be exploited by bad actors. These hackers will certainly be searching for these vulnerabilities and aggressively targeting any Windows 7 machines within their reach.

Organizations will also need to consider what this means for compliance. The lack of additional security support may cause an enterprise to become non-compliant with security best practices.

Does EOL apply to all versions of Windows 7?

Not exactly. It does apply to Home, Professional and Enterprise, but not embedded systems used in POS and other devices. However, those are moving targets, and some may have already reached End of Life.

(To check if your system is still being supported, visit the Microsoft product lifecycle website.)

What have we learned from past EOL events?

In April 2014, Microsoft ceased security updates and technical support for Windows XP. It was later discovered that hackers waited until after support had officially ended to find ways to exploit vulnerabilities and create chaos for users who hadn’t upgraded to a new operating system.

In the instance of Windows 7, there is no reason to expect that we won’t find the same behavior from malicious actors. That’s why it’s critical for Windows 7 users to initiate measures to protect themselves as soon as possible.

What are the challenges with updating all Windows 7 systems?

For many organizations, upgrading from Windows 7 to a more modern operating system will be more complicated and costly than a straightforward software update.

One of the main challenges that organizations will find is that not all machines operating Windows 7 have the minimum specifications required for Windows 10, so they will need to invest in new hardware. A larger concern is that in-house and proprietary applications that were created to run on Windows 7 may not automatically work on a different OS. This discrepancy is one of the reasons that some enterprises took so long to migrate from Windows XP to a more modern system.

What are the implications if organizations can’t successfully update by the 1/14/2020 deadline?

First and foremost is security. Organizations who don’t take measures to protect themselves after Windows 7 is no longer supported will be much more vulnerable to a breach. Additionally, other applications may also remove support for legacy systems.

However, following the End of Life for Windows XP, Microsoft offered an option for extended support for an extra cost – but it may be a hefty charge for a short-term solution. For those EA and EAS customers who choose to subscribe to Windows 10 Enterprise E5, Microsoft 365 E5 or Microsoft 365 E5 Security by the deadline, Microsoft will offer one year of post-retirement support for Windows 7.

What about Internet Explorer?

Microsoft has stated that Internet Explorer has the same End of Life date as Windows 7, so users will need to adjust to Edge. This could have additional implications for an enterprise’s plug-ins.

This is a lot to process – why should cybersecurity be top of mind?

Endpoints have long been recognized by hackers as a consistent means of accessing an organizations network to do further harm. This news has announced to hackers that there is a significant number of endpoints that will soon be easier to exploit, and they will be at the ready following the cutoff date. The volume of new computer viruses and other malware will increase even more to take advantage of those vulnerabilities, so preparation is critical.

How can Blue Ridge Networks help during this transition?

The extensive and costly investment that many are facing may seem impossible to achieve by the Microsoft issued deadline. While many will meet the deadline, others may fall behind because of staffing restrains or incompatibility with proprietary applications that are needed for their operations. This leaves a window of opportunity for well-prepared malicious actors to take advantage of post EOL Windows 7 users. Rest assured, there is a way to ensure that your organization remains secure without a complete system overhaul before January.

With the use of AppGuard, an enterprise can keep the trains running as usual, knowing that patched or not patched, their PCs are safe from emerging threats. This solution can buy your organization the time it needs to make and execute a plan to migrate endpoints, applications, and browsers to a new OS – without rushing the process or leaving unresolved vulnerabilities.


If you have any further questions about the Window 7 announcement, or what it could mean for your business, we invite you to reach out to our team at: sales@blueridgenetworks.com