Gandalf_The_Grey
Thread author
Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.
In January 2020, Microsoft officially ended its extended support and discontinued patching of Windows 7. Despite the long lead time and repeated reminders, numbers since the COVID-19 pandemic have shown a slight uptick in Windows 7 deployments. The recent estimates show that more than 26 percent of endpoints were still running Windows 7 as of March, most likely due to organizations deploying older machines to support suddenly remote workers.
While organizations will never fully be protected from vulnerabilities found after end-of-life (EOL), there are steps to mitigate threats and minimize the damage actors can do as much as possible, while security and IT teams work towards a system upgrade.
- IT and security teams need to come together and establish an audit of services and hardware connected to the network, creating a full picture of every device, status, upgrading capability and other factors.
- Minimize your attack surface by keeping all third-party software updated. While the core OS will not be supported, updates to software such as Firefox and Chrome will still be distributed. Apply all available patches as soon as possible to close that window of attack and minimize the attack surface.
- Segment your vulnerable devices on the network as much as possible. This will help contain the threat and greatly aid in remediation.
- Disable services that are often taken advantage of by attackers, such as RDP and SMB on Windows 7 devices.

While the above solutions may provide a temporary stopgap, it’s simply not worth the risk to avoid an upgrade. Given that the average time to weaponizing a new bug is seven days, IT and SecOps teams have 72 hours to harden systems before malicious players weaponize the exposed vulnerabilities. The use of Windows 7 after EOL without paid extended support leaves any organization at risk and unable to meet the 24/72 Mean Time to Hardening threshold. This increased risk increases the attack surface and leaves infrastructure vulnerable to attack. Ultimately, keeping the digital landscape up to date helps enterprises of all sizes be a smaller target from malicious threats.

The Windows 7 Postmortem: What’s at Stake
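
The "disable RDP and SMB" step from the list above, as an added example that is not part of the quoted article or the original post: a PowerShell 2.0-compatible script that reports a Windows 7 host's RDP and SMB server state and, with `-Apply`, turns them off. The script, its parameter names and the `Get-Exposure` helper are assumptions made for illustration; it must run from an elevated prompt, and the SMBv1 change takes effect after a reboot.

```powershell
# Audit by default; pass -Apply to harden. -DisableSmbServer also stops file sharing.
param([switch]$Apply, [switch]$DisableSmbServer)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$smbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegValue($Path, $Name) {
    # Returns $null when the registry value does not exist.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name } else { $null }
}

function Get-Exposure {
    $deny = Get-RegValue $tsKey  'fDenyTSConnections'   # 0 = RDP accepts connections
    $smb1 = Get-RegValue $smbKey 'SMB1'                 # absent = SMBv1 server on (Win7 default)
    $svc  = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue
    $svcState = 'NotInstalled'
    if ($svc) { $svcState = $svc.Status.ToString() }
    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        OS          = (Get-WmiObject Win32_OperatingSystem).Caption
        RdpEnabled  = ($deny -eq 0)
        Smb1Enabled = ($smb1 -ne 0)
        SmbServer   = $svcState
    }
}

"Before:"; Get-Exposure | Format-List

if ($Apply) {
    # Refuse inbound Remote Desktop connections.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1

    # Turn off the SMBv1 server component (reboot required).
    Set-ItemProperty -Path $smbKey -Name SMB1 -Type DWord -Value 0

    if ($DisableSmbServer) {
        # Stops all inbound SMB: file/printer sharing and admin shares stop working.
        Set-Service  -Name LanmanServer -StartupType Disabled
        Stop-Service -Name LanmanServer -Force
    }
    "After:"; Get-Exposure | Format-List
}
```

Run it without switches first across the Windows 7 machines found in the audit step, so the report shows which hosts actually depend on RDP or file sharing before anything is changed.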
