Any organization that is running unpatched versions of older Windows operating systems is playing with fire… period. Therefore, it’s your prerogative to make sure you’re adequately protecting your business’ data, and one of the most important ways you can do this is by ensuring your infrastructure is properly maintained.
Windows is a complicated operating system, due in part to the fact that it has to be compatible with the tools that countless organizations work with on a daily basis, as well as the countless features that people have come to expect from business-class workstations. When anything is as popular as Microsoft Windows, you get hackers out there attempting to crack the operating system to discover vulnerabilities. These vulnerabilities are then exploited for a profit. Windows updates are meant to keep this from happening, but they are only effective if the patches and updates are constantly updated.
**Please note that sometimes it isn’t a good idea to just let Windows updates run automatically. Sometimes an update can break something else (like a third-party application or internal workflow). It’s best to test updates before deploying them across your network.
Here’s an old school example of a situation that cost companies millions of dollars. Years ago, there were payphones on every street in America. Not that people born after 2000 would have any idea what a payphone is, but at one time, they were extraordinarily popular. Initially, you could be able to fool the payphone into thinking you were putting in coins with what is called a slug. You’d drop some washer in the coin slot, and bingo, you could talk to people without having to have any actual currency.
To combat this, newer payphones were built that had multiple sensors to measure and analyze the coin in real time to determine if it were real. The new payphones didn’t look like the old ones, so people stopped trying to make outgoing calls with washers as currency.
The point here is that the older the payphone was, the more apt it was hacked, and people in the know about these things would target older payphones (with a pocketful of washers) to avoid paying the ridiculous outgoing rate of a phone call.
The same thing happens with old software. When Microsoft retires their software, it exposes that software to hackers, who will be lying in wait to have their way with the network running unpatched and unsupported software.
If you are running a version of Windows (or any software) that has reached the end of its developmental and support life, you are playing with fire.
For example, if you are still running Windows Vista (please, I hope you aren’t) then Microsoft’s mainstream support ended in April 2012. They offered extended support up until April 2017.
Mainstream support is when Microsoft is still providing features, security updates, patching bugs, and more. Extended support is when Microsoft stops adding new features and only provides bug fixes and patches, and only provided that you are on the exact version of the software or operating system that Microsoft says they are supporting.
Back to our example of running Windows Vista (my fingers crossed that this example is purely hypothetical and nobody is still using Vista), it’s pretty clear that Windows Vista was not the shining example of the perfect operating system and that by the end of life there were no flaws whatsoever for hackers to target. If you are running Vista now, you are constantly wide open for any threats that the operating system doesn’t have protections against.
Here’s a list of the current operating system and server end-of-life dates.
Windows XP - April 8, 2014
Windows Vista - April 11, 2017
Windows 7 - January 14, 2020 (It’s coming up!)
Windows 8 - January 10, 2023
Windows 10 - Estimated for October 2025
Windows Server 2008 - July 12, 2011
Windows Server 2008 (SP2) - January 14, 2020 (just around the corner!)
Windows Server 2008 R2 - April 9, 2013
Windows Server 2008 R2 (SP1) - January 14, 2020 (It’s almost here!)
Windows Server 2012 - October 10, 2023
Windows Server 2012 R2 - October 10, 2023
Windows Server 2016 - January 11, 2027
Windows Server 2016 Semi-Annual Channel 1709 - Not announced yet
Windows Server 2016 Semi-Annual Channel 1803 - Not announced yet
Lync 2013 - April 11, 2023
Skype for Business 2015 - October 14, 2025
SQL Server 2005 (SP4) - April 12, 2016
SQL Server 2008 (SP4) - July 9, 2019 (It’s HERE!)
SQL Server 2008 R2 - July 10, 2012
SQL Server 2008 (SP3) - July 9, 2019 (It’s HERE!)
SQL Server 2012 - January 14, 2014
SQL Server 2012 (SP3) - July 12, 2022
SQL Server 2014 - July 12, 2016
SQL Server 2014 (SP2) - July 9, 2024
SQL Server 2016 - January 9, 2018
SQL Server 2016 (SP1) - July 14, 2026
SQL Server 2017 - October 12, 2026
Exchange 2007 - January 13, 2009
Exchange 2007 (SP3) - April 11, 2017
Exchange 2010 - October 11, 2010
Exchange 2010 (SP3) - January 14, 2020 (Get ready!)
Exchange 2013 - April 11, 2023
Exchange 2013 (SP1) - April 11, 2023
Exchange 2016 - October 14, 2025
SharePoint 2010 - July 10, 2012
SharePoint 2010 (SP2) - October 13, 2020 (Just over a year away!)
SharePoint 2013 - April 14, 2015
SharePoint 2013 (SP1) - April 11, 2023
SharePoint 2016 - July 14, 2026
Don’t run outdated software and put yourself at risk, call the IT experts at SCW at (509) 534-1530 to upgrade today!
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!
Tag Cloud
Comments