Most institutions have been in the situation of having end-of-life hardware or software systems present in their environments. These systems quickly become the focus of compliance staff, auditors and examiners because they are perceived as representing a heightened risk.
This is because the vendor stops support of the system, meaning that they will no longer seek and remediate vulnerabilities or repair any broken hardware. This makes it more likely an unknown vulnerability will be used by an attacker or that critical hardware will fail.
There are several major Microsoft systems going end-of-life within a year. Institutions are urged to review these and start taking action immediately if they have not already started their upgrade efforts. The major Microsoft systems going end-of-life in the next year include:
- Microsoft SQL Server 2008 (July 9, 2019): If you have any SQL servers in your environment, check to make sure they are not running SQL Server 2008. This software goes end of life on July 9th of this year. If you are running this software today, we recommend immediately starting to plan to upgrade these or at least minimize your exposure by moving critical databases off this platform.
- Windows 7 (January 14, 2020): If your institution is still running Windows 7, you have ten months to upgrade or replace your systems. If you have software providers who are still dragging their feet and have not certified their software for Windows 10, it is time to apply extreme pressure on them. To ensure a smooth upgrade process, we recommend starting by identifying representative test users that have enough patience to deal with occasional glitches and upgrading their PCs. Once the problems have been worked out with the test users, be sure to include a training plan in your rollout to the entire institution.
- Windows Server 2008 (January 14, 2020): There are still many institutions running Windows 2008 servers. These servers will no longer be supported after January 2008. We urge all institutions to have their IT departments review their server operating systems to identify Windows 2008 instances still in use, and to start creating plans for upgrade.
- Microsoft Exchange 2010 (January 14, 2020): If your institution is still running Exchange 2010, it is time to start planning an upgrade or a migration. This might be a great time to consider moving to Office 365, where one of the benefits is that Microsoft performs the upgrades for you.
If you need help in keeping up to date with system compliance or any of the latest cybersecurty trends, feel free to reach out to us at support@bedelsecurity.com anytime or sign up for our weekly newsletter using the form below!