While organizations will never fully be protected from vulnerabilities found after end-of-life (EOL), there are steps to mitigate threats and minimize the damage actors can do as much as possible, while security and IT teams work towards a system upgrade.
- IT and security teams need to come together and establish an audit of services and hardware connected to the network, creating a full picture of every device, status, upgrading capability and other factors.
- Minimize your attack surface by keeping all third-party software updated. While the core OS will not be supported, updates to software such as Firefox and Chrome will still be distributed. Apply all available patches as soon as possible to close that window of attack and minimize the attack surface.
- Segment your vulnerable devices on the network as much as possible. This will help contain the threat and greatly aid in remediation.
- Disable services that are often taken advantage of by attackers, such as RDP and SMB on Windows 7 devices.
While the above solutions may provide a temporary stopgap, it’s simply not worth the risk to avoid an upgrade. Given that the average time to weaponizing a new bug is seven days, IT and SecOps teams have 72 hours to harden systems before malicious players weaponize the exposed vulnerabilities. The use of Windows 7 after EOL without paid extended support leaves any organization at risk and unable to meet the
24/72 Mean Time to Hardening threshold. This increased risk increases the attack surface and leaves infrastructure vulnerable to attack. Ultimately, keeping the digital landscape up to date helps enterprises of all sizes be a smaller target from malicious threats.
threatpost.com
