When we talk about renewing computer equipment in companies, it is not only about having more powerful and capable machines for the required tasks, but also about running modern operating systems that the manufacturer still supports. In most companies this system is Windows 7, and it has been out of support since the beginning of the year. Keeping obsolete equipment in the company is a risk and a danger: an unresolved security flaw in Windows 7 that cyber-attackers are exploiting makes it very easy to suffer a security incident.
A zero-day vulnerability has been discovered that is already being exploited and that affects Windows 7 and Windows Server 2008, so companies running these systems are at risk. What can happen in this case? Given the seriousness of the problem, Microsoft may come to the rescue and decide to release a security patch to correct it. But it may also not do so.
Does it compromise the security of our company? Definitely yes. A documented vulnerability of this type, which cyber-attackers know how to exploit, makes it very easy to access corporate data, customer data, and so on. This is also a problem under current data protection regulations. Security by design means that we have to use every available means to keep personal data safe. If we keep obsolete operating systems, we are putting that data at risk, and even more so if there is also a vulnerability.
The worst thing is that this is not the first vulnerability in Windows 7 since the end of support, and as time goes by there will be more. It doesn’t make much sense to keep these computers running, although in the case of servers it is perhaps more complicated.
The problem is not just being unable to work for a couple of days until the systems are restored after an incident. It is also the loss of customer confidence and the fine we can receive for not taking the necessary security measures to protect personal data.