The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk.
Microsoft’s end of life (EOL) announcement for version 7 of its flagship Windows operating system means most customers still using it would no longer receive security updates or technical support. According to the FBI notification, continued use of the platform “creates the risk of criminal exploitation.”
The FBI pointed to vulnerabilities in Windows 7 preceding the EOL announcement that made users the primary target of the WannaCry ransomware campaign in 2017. Windows 7 users represented 98% of infected systems. Another major vulnerability discovered in the operating system in 2019, called BlueKeep, has been traced back to several major hacking campaigns.
Microsoft still provides limited technical support and security updates for customers running Professional and Enterprise versions of Windows 7 under an “Extended Security Update” plan, which will increase in price through January 2023, at which point the company will cease all support.
In addition to urging companies to upgrade to the latest version of the Windows operating system, the FBI encourages the following actions:
- Ensure security software is properly configured and kept up-to-date.
- Audit network configurations and identify any systems that can’t be updated.
- Use two-factor authentication where possible.
- Log Remote Desktop Protocol login attempts.