Options to consider when preparing for Microsoft to halt already limited support for three products
After more than a decade of patches and updates, Windows 7, 8, and 2008 R2 servers have lived long, useful lives.
Microsoft has packed the applications to their fullest, and the operating systems and servers are scheduled to reach end-of-life soon.
End-of-life means Microsoft will no longer support those operating systems or issue security updates. This leaves Windows 7, 8, and 2008 R2 users vulnerable to malicious attacks.
As security advisers here at The KR Group, we recommend that users of the products approaching end-of-life upgrade to the Windows 10 operating system (OS) or to Windows 2016 or 2019 servers.
Day one of end-of-life is essentially a “zero day” for the old applications.
On the zero day, the first day with no support from Microsoft, there will be no more patches or updates to address vulnerabilities exploited by hackers, and you’ll be at risk for cyberattacks.
For Windows 7, 8, and 2008 R2 users, those zero days have two dates.
January 14, 2020: End-of-life for Windows 7 and 2008 R2
Windows 7 celebrated its 10th birthday in July, and 2008 R2 will reach the same milestone on Oct. 22.
In 2013, Microsoft ended mainstream support (the support accompanying license purchases) for Windows 2008 R2. About two years later, they ended mainstream support for Windows 7 and 8.
Users have had around five years to prepare for Microsoft to end all support for Windows 7 and 2008 R2, and now, it’s crunch time.
January 10, 2023: End-of-life for Windows 8
With Windows 8, users have around three years to prepare. However, Microsoft is already in extended support for this OS.
Extended support is more restrictive than the mainstream support Microsoft provides its current products. Extended support only provides minimal updates to address serious security vulnerabilities.
If you’re a Windows 7, 8, or 2008 R2 user, you have four options to address the end of these Microsoft products.
- You can upgrade to Windows 10 OS or a 2016 or 2019 server.
- You can isolate outdated Windows 2008 R2 servers.
- You can run next-generation antivirus on Windows 7 or 8.
- You can do nothing – which we really recommend against.
1. You can upgrade to Windows 10 OS or a Windows 2016 or 2019 server.
The best response to any end-of-life is to upgrade.
If you’re using Windows 7 and 8, you’ll want to upgrade to Windows 10. For Windows 2008 R2 users, you’ll want to migrate to a 2016 or 2019 server.
An upgrade will ensure you have continued security coverage. When Microsoft SQL Server 2008 for database management entered its end-of-life in July, it only took a month before hackers had deployed multiple exploits to take advantage of the non-existent support from Microsoft.
You can expect similar attacks once Windows 7, 8, and 2008 R2 enter end-of-life.
With three months before Windows 7 and 2008 R2 are at end-of-life, if you’re still using them, you should upgrade as many of those applications as possible.
(If you’re still using Microsoft SQL 2008 server, you should follow the same recommendations for the 2008 R2 server. Know the prospective problems of 2008 R2 are already problems with SQL 2008.)
Upgrading to current applications isn’t always a simple yes or no, though. A common barrier to upgrading is price and incorporating it into your budget.
Upgrading your OS to Windows 10 Pro costs around $199 per license (ideal for most businesses and large enterprises). Windows Pro for Workstations costs around $309 per license (ideal for businesses and enterprises that need a fast and powerful OS). Meanwhile, a new Microsoft 2016 or 2019 server runs in the range of $999 to $1,999.
If you have a large number of desktops or servers in need of upgrades, your bill could quickly add up. To avoid this, we recommend implementing a revolving list of technology you need to upgrade.
2. You can isolate the outdated Windows 2008 R2 server.
From time to time, companies rely on an application that is only compatible with Windows 2008 R2 (or older) servers. In this case, your best option is to isolate the server from as many other components of your technology stack as possible.
Isolation refers to containing the outdated software to reduce the risk of exploits of your system through a lapse in security.
By isolating the outdated software, you’ll cut off the desktop or server from as much traffic as possible in case there is a malicious attack. Only the software that needs the old server will have access to it and be vulnerable to exploits.
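One way to apply this isolation on the server itself, shown as an added example that is not part of the original article: Windows Firewall rules set with netsh from an elevated PowerShell session on the 2008 R2 host. The IP addresses, the application port and the rule names are placeholders chosen for illustration.

```powershell
# Added example: host-firewall isolation for a legacy Windows Server 2008 R2 machine.
# Run from an elevated PowerShell session on the legacy server.
# Every address, port and rule name below is a placeholder (assumption), not a value
# taken from the article. Substitute your own before running.
$AppClient = '192.0.2.10'   # placeholder: the one system that still needs the legacy application
$AdminHost = '192.0.2.20'   # placeholder: management host allowed to use Remote Desktop
$AppPort   = 1433           # placeholder: TCP port the legacy application listens on

# 1. Turn the firewall on for every profile and drop any inbound traffic
#    that no rule explicitly allows.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Allow the application port only from the system that depends on it.
netsh advfirewall firewall add rule name=LegacyApp-FromAppClient dir=in action=allow protocol=TCP localport=$AppPort remoteip=$AppClient

# 3. Allow Remote Desktop only from the management host.
netsh advfirewall firewall add rule name=RDP-FromAdminHost dir=in action=allow protocol=TCP localport=3389 remoteip=$AdminHost

# 4. Log dropped connections so unexpected attempts to reach the server are visible.
netsh advfirewall set allprofiles logging droppedconnections enable

# 5. Review the inbound rules. Built-in allow rules that are still enabled
#    (file sharing, the default Remote Desktop rule, and so on) remain in effect
#    alongside the two rules added above, so disable each one the server does not need:
#      netsh advfirewall firewall set rule name="<rule name>" new enable=no
netsh advfirewall firewall show rule name=all dir=in
```

Host rules like these are one layer; placing the server on its own network segment with matching restrictions at the network firewall enforces the same policy even if the host itself is compromised.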
3. You can run next-generation antivirus on Windows 7 or 8.
It isn’t possible to isolate your desktops running Windows 7 or 8 in the same way you can with servers. The best option if you can’t upgrade an OS is to limit use (if possible) and install a next-generation antivirus.
Because of how vulnerable you’ll be if you continue running Windows 7 or 8 after end-of-life, we recommend you go with next-generation antivirus specifically because it is better at detecting, preventing, and responding to new versions of malware.
The level of risk you’ll be at after end-of-life for Windows 7 or 8 requires the level of monitoring next-generation antivirus provides.
This is not a defensive measure, though, and shouldn’t be considered an alternative option to upgrading if it is at all possible.
Next-generation antivirus should be thought of like a spare tire. It’s there if you really need it, but you shouldn’t treat it the same as a replacement.
Installing next-generation antivirus on an end-of-life OS is a crutch to lean on until you can implement the necessary upgrade.
4. You can do nothing about Windows 7, 8, and 2008 R2 entering end-of-life.
A vendor like The KR Group can’t “force” you to upgrade, isolate, or install next-generation antivirus, as that choice is ultimately yours to make.
However, we strongly recommend you don’t forget about the implications of end-of-life with Windows 7, 8 or 2008 R2.
Starting on Jan. 14 for Windows 7 and 2008 R2 and on Jan. 10, 2023, for Windows 8, users of those operating systems or servers will be at risk for security breaches. While you’ve been contemplating if you’ll upgrade your Windows server or OS, the bad guys have been preparing for end-of-life, too.
You can expect exploits to start appearing shortly after the end-of-life, and Microsoft won’t provide any patches to resolve them.
When you upgrade to Windows 10 OS or 2016 or 2019 server
Your best options for upgrading your outdated applications are to move to Windows 10 for desktops and Windows 2016 or 2019 for servers.
Windows 10 has been around since 2015 and is the only Microsoft OS on the market. It’s what is running on new computers running Microsoft programs.
You have more choices when it comes to Windows servers, but your best options are Windows 2016 or 2019 servers.
The 2016 server has been around longer and is known to be reliable.
The 2019 server, on the other hand, is new and doesn’t have the proven history older Microsoft servers have. However, so far, it is on par with other Microsoft products. It will also have mainstream support longer than a 2016 server.
As far as time allocation, you can expect each desktop to take around 2 hours to upgrade. Server migration can range anywhere from half a day to a full day or more, depending on the complexity of your technology system.
Even though upgrades require time and money, it is the best option for Windows 7, 8, and 2008 R2 users to avoid succumbing to malicious attacks.
If you can’t commit to an upgrade, isolating the server or installing next-generation antivirus are other options, but they still come with some risks.
If you want assistance developing a strategy to upgrade from Windows 7 or 8 to Windows 10 or from Windows 2008 R2 to 2016 or 2019, The KR Group can help.