I recently read a statement from the National
Security Agency (NSA) expressing concerns over the risks and vulnerabilities
that come with running unpatched versions of older Windows operating systems.
First, you know it’s serious if the NSA, an entity in the US who depends on the
collection and processing of information, is worried that your personal
information is at risk. Second, it’s another in a long line of reasons to not
allow your network to fall into such disarray that you can no longer protect
Why Are Windows Updates So
Microsoft Windows is complex software. It
needs to be. In order to do everything, we need it to do every day, and work
with everything we need it to work with, it contains a lot of features and
capabilities baked in.
The more complex your software is, the more
chances there are that someone out there could find a vulnerability. This
happens all the time, and when vulnerabilities are discovered, good software
developers will quickly build an update that fixes them before they are
That’s what Windows updates are. Sure, there
are new features being added in many of the updates as well, but the security
patches are what is truly critical.
**Please note that sometimes it isn’t a good
idea to just let Windows updates run automatically. Sometimes an update can
break something else (like a third-party application or internal workflow).
It’s best to test updates before deploying them across your network.
Problems Get Exposed as they are
Let me give you a more old-school example. Way
back in the day, you used to be able to ‘hack’ a vending machine with fake
coins called slugs. To combat this, new vending machines were created that had
multiple sensors to measure and analyze the coin in real time to determine if
it were real. When these new machines were released, they were also might newer
looking than the old school, hackable vending machines. Word got out about how
easily the older machines could accept a slug and encouraged people to seek
them out to get free beverages.
What can we take away from this?
- If you owned an old vending
machine, you were at risk of being hacked.
- Older vending machines were
targeted by people who knew that they were hackable, as opposed to the new
vending machines that weren’t as easily exploitable.
- Risk increased as time went on if
you owned an older vending machine.
- How often do you see vending
machines that even take coins these days? I’m dating myself.
When Microsoft releases security updates, this
exposes the vulnerability to the world. This includes hackers. This means
everyone is on bought time once an update comes out, because hackers know that
not everyone will update.
Older Operating Systems Have the
If you are running a version of Windows (or
any software) that has reached the end of its developmental and support life,
you are playing with fire.
For example, if you are still running Windows
Vista (please, I hope you aren’t) then Microsoft’s mainstream support ended in April 2012. They offered extended support up until April 2017.
Mainstream support is when Microsoft is still
providing features, security updates, patching bugs, and more. Extended support
is when Microsoft stops adding new features and only provides bug fixes and
patches, and only provided that you are on the exact version of the software or
operating system that Microsoft says they are supporting.
Back to our example of running Windows Vista
(my fingers crossed that this example is purely hypothetical and nobody is
still using Vista), it’s pretty clear that Windows Vista was not the shining
example of the perfect operating system and that by the end of life there were
no flaws whatsoever for hackers to target. If you are running Vista now, you
are constantly wide open for any threats that the operating system doesn’t have
Microsoft’s Upcoming Support
Lifestyle End Dates
Here’s a list of the current operating system
and server end-of-life dates.
Windows Operating System
XP - April 8, 2014
Vista - April 11, 2017
7 - January 14, 2020 (It’s coming up!)
8 - January 10, 2023
10 - Estimated for October 2025
Microsoft Server Operating
Server 2008 - July 12, 2011
Server 2008 (SP2) - January 14, 2020 (just around the corner!)
Server 2008 R2 - April 9, 2013
Server 2008 R2 (SP1) - January 14, 2020 (It’s almost here!)
Server 2012 - October 10, 2023
Server 2012 R2 - October 10, 2023
Server 2016 - January 11, 2027
Server 2016 Semi-Annual Channel 1709 - Not announced
Server 2016 Semi-Annual Channel 1803 - Not announced
2013 - April 11, 2023
for Business 2015 - October 14, 2025
Microsoft SQL Server
Server 2005 (SP4) - April 12, 2016
Server 2008 (SP4) - July 9, 2019 (It’s HERE!)
Server 2008 R2 - July 10, 2012
Server 2008 (SP3) - July 9, 2019 (It’s HERE!)
Server 2012 - January 14, 2014
Server 2012 (SP3) - July 12, 2022
Server 2014 - July 12, 2016
Server 2014 (SP2) - July 9, 2024
Server 2016 - January 9, 2018
Server 2016 (SP1) - July 14, 2026
Server 2017 - October 12, 2026
2007 - January 13, 2009
2007 (SP3) - April 11, 2017
2010 - October 11, 2010
2010 (SP3) - January 14, 2020 (Get ready!)
2013 - April 11, 2023
2013 (SP1) - April 11, 2023
2016 - October 14, 2025
2010 - July 10, 2012
2010 (SP2) - October 13, 2020 (Just over a year away!)
2013 - April 14, 2015
2013 (SP1) - April 11, 2023
2016 - July 14, 2026
If you are running outdated software, you are putting yourself, your business, your employees, and your clients at risk. Want help planning your next upgrade? Reach out to Emerge at 859-746-1030 to get an idea of what it will take.