AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2 [ 
https://www.us-cert.gov/ncas/alerts/aa19-290a ] 10/17/2019 12:36 PM EDT 
Original release date: October 17, 2019

Summary

On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating 
systems.[1] After this date, these products will no longer receive free technical support, or software and security 
updates.

Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while 
running Windows 7 and Windows Server 2008 R2.

Technical Details

All software products have a lifecycle. End of support refers to the date when the software vendor will no longer 
provide automatic fixes, updates, or online technical assistance. [2]

For more information on end of support for Microsoft products see the Microsoft End of Support FAQ [ 
https://www.microsoft.com/en-us/windows/windows-7-end-of-life-support-information ].

Systems running Windows 7 and Windows Server 2008 R2 will continue to work at their current capacity even after support 
ends on January 14, 2020. However, using unsupported software may increase the likelihood of malware and other security 
threats. Mission and business functions supported by systems running Windows 7 and Windows Server 2008 R2 could 
experience negative consequences resulting from unpatched vulnerabilities and software bugs. These negative 
consequences could include the loss of confidentiality, integrity, and availability of data, system resources, and 
business assets.

Mitigations

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and organizations to:


  * Upgrade to a newer operating system. 
  * Identify affected devices to determine breadth of the problem and assess risk of not upgrading. 
  * Establish and execute a plan to systematically migrate to currently supported operating systems or employ a 
cloud-based service. 
  * Contact the operating system vendor to explore opportunities for fee-for-service maintenance, if unable to upgrade. 
 

References

  * [1] Microsoft End of Support FAQ [ 
https://www.microsoft.com/en-us/windows/windows-7-end-of-life-support-information ] 
  * [2] Microsoft Windows Lifecyle Fact Sheet [ 
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet ] 
  * [3] Microsoft Windows Upgrade and Migration Considerations [ 
https://docs.microsoft.com/en-us/windows/deployment/upgrade/windows-upgrade-and-migration-considerations ] 
  * [4] ComputerWorld: Leaving Windows 7? Here are Some non-Windows Options [ 
https://www.computerworld.com/article/3431616/leaving-windows-7-here-are-some-non-windows-options.html ] 
  * [5] CISA Analysis Report AR19-133A: Microsoft Office 365 Security Observations [ 
https://www.us-cert.gov/ncas/analysis-reports/AR19-133A ] 

Revisions

  * October 17, 2019: Initial version 
________________________________________________________________________

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]