The OGO Blog

September 2019: Credit Union Cybersecurity Tip from the OGO CISO Office

server 2008 end of life security risk

Windows 2008 and Windows 7 End of Support – Is your Credit Union Ready?

 

The risk - no more patches.

Microsoft previously announced that they will be ending support on Windows 2008 and 2008R2 Server and Windows 7 on January 14, 2020.  After this date, Microsoft will no longer release security patches publicly for these operating systems.  If any of the servers, desktops or laptops at your Credit Union are still running one of these operating systems after that point, your information systems could be at risk.  Without Microsoft releasing security patches, any vulnerabilities that may be found will not be fixed and leave your environment open to compromise.

So, what can we do?

There are a couple options to deal with the end of support, but in most cases the best course of action is to replace and/or upgrade any devices running those operating systems.  Putting a currently supported operating system on the device ensures you will continue to receive vendor support and security patches.  If budgets, the project timeframe, and systems support it, the ideal path forward is to move the workloads to devices with freshly installed current operating systems.  This usually provides the best results for the device going forward versus an in-place upgrade.

If you find that you are unable to move the workload to a new device, an in-place upgrade may be the right option for that system. Making sure that your backups are current and tested is critical if your migration plan involves in-place upgrades.  If the upgrade fails or does not go well, you will need to be able to recover your server from backups.

Hopefully, your Credit Union technology department has already started planning for these upgrades and replacements.  If not, the first step is to review your Credit Union’s system inventory to identify which ones are affected.  Your team can then work with affected business owners and vendors to start the planning, testing, and upgrade process.

If your servers are hosted at Ongoing Operations, the OGO team has already reached out to work with our affected customers to schedule their upgrades to ensure that they are completed prior to the end of support date.

Does Microsoft offer any other options?

If you are not able to upgrade or replace your devices with Windows 2008 and Windows 7, there can be some alternatives.   Microsoft has announced the availability of some extended support programs for enterprise customers.  These generally require an active support agreement or subscription plan and come at a cost.  If you are interested in pursuing this option, you should contact Microsoft or your Microsoft reseller to see if your Credit Union qualifies.

Ensuring that all systems are receiving current security patches is vital to protecting your Credit Union, assets, and members.  If you have any questions about the Windows 2008 and Windows 7 end of support and how it affects your Credit Union, please reach out to your Ongoing Operations account team.

Click here to learn more about Ongoing Operations' Information Security solutions.