Security Vulnerabilities from End-of-Life Software

Since we've been working with smaller businesses, we've gotten far too many requests or statements about continuing to use software past its "best by date." In the industry, we call this "best by date" the end-of-life date, or EOL.

This is the date that the software package ceases to get security updates from the vendor. This means those security vulnerabilities that we all know exist will never be patched in that version.

And before you start thinking that there couldn't be that many because they've had years to fix them, let us set the record straight. Just because Windows 11 came out doesn't mean it's a totally new operating system. It's built mostly on Windows 10 code, which was mostly built on Windows 8, 7, Vista, and XP code. Microsoft does not rewrite the whole shebang for every new version. You'll often see the same security flaws being patched across all Windows versions, desktop and server, each Patch Tuesday.

So when Windows 10 stops being supported on October 14th, don't think for a minute that the bad guys aren't taking all those Windows 11 vulnerabilities and trying them on Windows 10. The difference is that Windows 11 is being patched and Windows 10 isn't.

We use Windows 10 and 11 as very relevant and current examples, but we've had clients who wanted to continue using Windows XP and DOS systems in critical areas of their business. That's a very bad idea that we have always cautioned strongly against.

So that part about Windows 10 going end-of-life on October 14th? That gives you plenty of time to start planning for upgrades. The good news is that in some cases the upgrade is very simple. If you don't already have it, Microsoft has likely been trying to force it on you for some time now. You've either actively blocked it or have systems that are a little long in the tooth.

So what can you do?

  • Work with your IT staff to remove any configuration blocks to the upgrade and manually perform the upgrades where possible. Fortunately, Microsoft has a tool that will tell you if your system is capable.
  • For those systems that aren't capable, start working with your IT provider and hardware vendors to replace a few systems at a time. This will help you make the move in a budget-friendly way.

Don't stop with your workstations and laptops, though. We still see plenty of Windows Server 2012 in use, and it's been EOL for over a year. Don't think you are immune with Macs either. Although the hardware lasts a long time, only the current and previous two major revisions of macOS are supported. This gives you roughly 15 years of life from a macOS device.

Application software isn't immune either. If you are running Office 365 and keeping it updated, you should be good. If you are running a non-subscription version of Office, you need to check your versions. You have the same looming deadline of October 14th for Microsoft Office 2016 and 2019. That should be an easier upgrade, though.

Have questions or want to de-tangle your own infrastructure? Feel free to contact us for help.