Tuesday, 5 February 2019

End of Support for Windows 7

Executive Summary
Microsoft will stop releasing security updates for Windows 7 at the beginning of next year. As such, we must upgrade or replace all remaining Windows 7 computers at Monash University this year. To assist the University in these efforts people who still have Windows 7 systems at Monash University are strongly encouraged to proactively replace them without waiting for contact from eSolutions.
eSolutions staff will assist by auditing our computer fleet and contacting owners of known Windows 7 systems who have not yet taken action.


Microsoft Support Durations and the Implications on Computer Users
Operating systems like Microsoft Windows are continually under attack by criminal groups, foreign state agents and individual hackers who seek to find vulnerabilities in the operating system which would allow access to data and personal information without authorisation. As new potential vulnerabilities are found, Microsoft is continually releasing new updates for Windows to mitigate them and ensure the operating system remains secure. The research and development of these updates comes at a cost and Microsoft does not do this indefinitely. For each version of Windows they publish the dates on which they will cease issuing security updates well in advance of support coming to an end.

For Windows 7, which was originally released on 22 July 2009, Microsoft will stop releasing security updates on 14 January 2020. Anybody continuing to use Windows 7 after this date will be at a high risk of having their personal information and their data stolen as security vulnerabilities are discovered and not fixed. This can result in significant financial loss, reputational loss and loss of work for both the individual affected and for the University.

Options for Mitigating the Risk
The simplest and most reliable means of mitigating this risk is to ensure all Windows 7 computers are replaced with a Windows 10 device. Alternatively it may be possible to upgrade the installed version of Windows on more recently purchased devices to Windows 10 without replacing the hardware. Older Windows 7 devices that are no longer needed may simply be disposed of. In the rare event that a Windows 7 device is connected to significant research infrastructure that relies on a software interface that does not support more recent versions of Windows, other mitigation strategies must be put in place to limit the risk posed by running an insecure version of Windows. This could include permanently taking the device off the network or running the requisite software in a “quarantined” IT environment that is properly protected against exploitation of the operating system vulnerabilities. In these exceptional cases, eSolutions will provide a risk assessment and appropriate mitigating solutions based on the individual circumstances and requirements.

Aside from a handful of exceptional cases, it is required that all Windows 7 devices at Monash University will be replaced or upgraded this year. Given the number of Windows 7 devices still in use, this activity to start replacing devices must ramp up in tempo from early in the year to avoid the risk of not having all devices properly dealt with by the deadline.

No comments:

Post a Comment