As you know, January 14 saw the end of extended support for Windows 7. Just three days later, Microsoft published information about a vulnerability in the Internet Explorer browser that an attacker can use to gain the same rights as an active user. The majority of companies still using Windows 7 will likely not receive a patch for this vulnerability. Sure, paid support will continue until January 10, 2023, but not all companies consider that economically viable. So now is definitely the time for some brainstorming followed by action. We decided to offer our own perspective on the problem.
An IT infrastructure audit is something that every organization should carry out periodically, and the pulling of support for Windows 7 is a good reason to do one right now. Make no mistake, you will find more than a few surprises lurking on your local network. It’s not all about Windows 7. Sometimes, administrators’ attempts to solve problems on the cheap can have strange results.
A typical example that our experts have come across more than once among clients is the use of an ancient computer as a kind of print server. In those cases, the administrators bought a low-cost printer without Ethernet or Wi-Fi support and hooked it up to an unused computer to provide network access. Such a contraption can sit under an office desk for years, and naturally, no one ever thinks about updating the software. Not only could the outdated Windows 7 be on it, but you might even find the antediluvian Windows XP. So instead of waiting for the next WannaCry to reveal the existence of such relics, it’s worth doing some excavation for yourself.
Pay particular attention to atypical equipment such as electronic dashboards, medical diagnostic devices, and embedded systems. Administrators have been known to overlook the fact that these are essentially ordinary computers, and some of them running Windows. On them is some kind of software that’s controlled online and potentially teeming with unpatched vulnerabilities.
Doing an IT inventory is quite straightforward — many free applications will locate all active hosts on your network. Our products provide that feature as well. For example, the Kaspersky Endpoint Security for Business Advancedsuite has tools that not only find all devices on the network, but also retrieve detailed information about protected machines, and allow remote updating of the system and key software. Other machines need to be inventoried manually.
Analysis and classification
It’s important to understand that we are not searching solely for computers running Windows 7 or XP. The client needs to know exactly what is on the network and where. We frequently work with clients who don’t know what build of operating system they have or when the system was last updated, if ever.
It’s also important to know about Windows 8, and even Windows 10. After all, mainstream support for 8.1 came to an end on January 9, 2018, but thanks to extended support, security updates will continue until January 10, 2023. That might seem far off, but in terms of support, it’s not. What’s more, the first release of Windows 10 wasn’t a whole lot more secure than the timeworn XP. Some administrators are prone to disabling updates (for reasons of performance, or because they simply don’t see the need).
Armed with comprehensive information about what machines are on your network, what operating systems they run, and what they are used for, you can classify them by two criteria: what actions need to be taken to eliminate vulnerabilities, and how critical each network node is.
Update Windows 10 and 8 to the highest available version. You might be better off simply disconnecting some nodes. It’s likely you’ll have to upgrade at least one. If you find any PCs with Windows 7 or XP, make sure they’re equipped with dedicated security solutions. Of course, we advocate protecting all computers on the network, but machines with outdated operating systems are an order of magnitude more vulnerable and therefore that much more important to protect now.
Next, you need to establish how critical each PC is for your business. What would happen if cybercriminals gained access to it? If disaster would ensue, the computer should be updated at your first opportunity. If it operates in an isolated segment, the second will do. But everything needs to be protected, down to the last dashboard. After all, WannaCry was not targeted at dashboards, PoS terminals, or medical devices, yet the reputational damage suffered by companies as a result was no less harmful than the losses from the computer downtime.
Management plan update
Although categorization by itself will shed light on what and when you need to update, you still need to plan all stages of the changes while the iron is hot. In that case, your IT inventory will not simply yield a list of vulnerable computers; it will enhance the level of protection of your infrastructure for real. Critical nodes should be addressed immediately. Finally, do not forget to turn on system updates. Without them, in two weeks your network will be just as vulnerable as it is now.
If for some reason getting rid of an outdated system, or using a fully functional security solution, proves impossible (most often this relates to embedded systems), we recommend Kaspersky Embedded Systems Security, which protects ATMs and PoS terminals but also operates just as effectively on other low-end equipment running outdated operating systems. For more details about the solution, see Kaspersky Embedded Systems Security page.