Patches Don’t Make Unsupported Software Safe
The recent patches Microsoft issued for the WannaCry ransomware highlight a bigger issue – the number of businesses still running unsupported Microsoft products.
The year may only be half over, but already two big ransomware scares have happened. These scares underscore the importance of assessing a business’ safeguards against ransomware. Yet, it is the businesses running unsupported legacy systems that prove most vulnerable – and a whopping 52% of businesses are still running at least one instance of Windows XP, which has been out of support for over three years.
Running unsupported products means no more security patches or bug fixes will be released, creating holes in security that leave businesses exposed. Unsupported operating systems are more vulnerable to cyberattacks and malware.
Some businesses may believe that running unsupported products is not that risky because if anything too serious is found, companies like Microsoft will issue security patches for unsupported versions of Windows. Indeed, Microsoft has done just that – recently. In the space of less than a month, Microsoft released two patches for unsupported systems in response to the WannaCry ransomware. The first patch closed security holes used by the WannaCry ransomware for Windows XP and Windows Server 2003. The second patch included updates for three other exploits that had an elevated risk of cyberattacks similar to WannaCry.
It is wrong to think that these patches make unsupported systems safe to continue using. They are still fundamentally insecure. Virtually every time Microsoft updates one of its remaining supported platforms, the company will also be disclosing exploitable flaws for unsupported Microsoft products. A great deal of malware exploits less severe flaws in these operating systems, flaws that would be patched in supported systems. Patching is a temporary fix and needs to be done consistently to protect a computer as much as possible.
Microsoft cannot – and should not – be relied upon to patch security vulnerabilities in unsupported products. These patches give businesses still running unsupported products a false sense of safety. Patching unsupported operating systems regularly could increase the number of organizations and users not upgrading to supported products, which would have a negative overall effect.
Keep in mind that while Microsoft did issue patches for unsupported operating systems in response to the WannaCry ransomware, it did not do so for the latest wave of the NotPetya attacks from the last week in June. This underscores why depending on patches for unsupported products and continuing to use them does not make business sense.
If your business is still running an unsupported Microsoft product, let us help you evaluate a transition to a supported product. Feel free to contact us by phone at (425) 274-1121 or by email at email@example.com today.