The title is an eye catcher, but it can also be misleading. Microsoft is not dying, but it is slowly killing one of its greatest Operating System families. Windows 7 and its server counterpart, Server 2008 (also R2), will reach “End of Support” (EOS) on January 14, 2020. What does this mean? Well, it doesn’t mean the platform will stop working on January 14, 2020. It simply means that Microsoft will no longer be required to provide support and patches unless your organization has a specific contract in place to maintain support. This planned EOS means that non-security updates, free support options, online technical content updates and free on-premises security updates will be halted by the Microsoft support team. Ouch!
What does this mean to my business? Well, on the surface it means security challenges. The security vulnerabilities alone should be reason enough to drive your business to decide to shift to a new solution. Cybercrime accounts for billions of dollars of expenses and lost revenue for businesses each year, and a lack of security updates and patches can provide hackers with a door directly into your most valuable digital systems and information.
To make this more personal for your business: if you maintain a Windows 7 or Server 2008 system after the EOS and you currently take credit cards, your PCI compliance could be at risk. The Payment Card Industry (PCI) creates and maintains a set of security standards that applies to any organization, irrespective of size, that accepts, stores, processes or transmits cardholder data. At first glance, it may not be clear what the end of Windows 7 and 2008 Server support has to do with cardholder data. However, one of the compliance requirements, PCI DSS 6.2, requires that “all system components and software must be protected from known vulnerabilities by installing applicable vendor-supplied security patches within one month of release.” If an Operating System is no longer supported by the vendor, and security patches are not being released, PCI requirement 6.2 cannot be achieved unless the potential risk of running that system is mitigated.
What should I do? Well, first of all, this is not a new occurrence. Microsoft puts products on the EOS schedule all of the time. In fact, in July 2019 SQL Server 2008 is EOS. It might be a big deal for some, but it certainly is not as sweeping as Windows 7 or 2008 Server. These Operating Systems are still hugely deployed. Many users and companies avoided moving away from Windows 7 to 8 (not a bad decision really… lol) and have even delayed Windows 10. Often this is because the vendors that support their applications don’t even attempt to keep pace with Microsoft, so companies are forced to wait for these application vendors to catch up. But the wait is over. We must address the change and start planning now!
But plan for what? Well, to answer the question asked: migrate to a newer version. That means Windows 10 for workstations and laptops and Server 2019 (or 2016) for servers. This takes planning, and not all hardware platforms can be upgraded. Often the best bang for your investment dollar is to buy new hardware. That way you get the efficiencies of new hardware in return for the time you invest in upgrading business systems. One way or another, we all must take a look at our networks and start to plan. JEM has helped many companies plan for this. There are even extremely affordable financing options for companies that have many systems and servers to replace. This is simply another investment in our company’s data infrastructure. Good luck, but hey, call me if you are not sure what to do!
Jason McClaflin, MCSE, MCSA + Security
JEM Network Consulting, LLC