Security News

Avoiding the costly ESU cycle: Lessons learned from Windows 7 end-of-life
2021-11-01 06:30

Looking back at the end-of-life saga that surrounded Windows 7 and Windows Server 2008 will give businesses a clear idea of what they need to do in the next four years. Both Windows 7 and Windows Server 2008 ceased receiving support and updates from Microsoft in January 2020.

Microsoft patches PrintNightmare – even on Windows 7 – but the terror isn't over
2021-07-07 05:20

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

Microsoft no longer offers Windows 7 drivers via Windows Update
2021-06-17 20:39

Microsoft says it no longer offers drivers for Windows 7 and Windows Server 2008 systems through Windows Update starting today. The move comes after the expiration of the SHA-1 Trusted Root Certificate Authority for Windows 7 and Windows Server 2008 on May 9, 2021.

NVIDIA is dropping support for Windows 7 and Windows 8 drivers
2021-06-13 16:33

NVIDIA is dropping support for Windows 7, Windows 8, and Windows 8.1 drivers starting in October. While drivers for Windows 7, Windows 8, and Windows 8.1 will continue to receive critical security updates through September 2024, they will no longer receive any non-security improvements.

Microsoft partially fixes Windows 7, Server 2008 vulnerability
2021-04-20 16:09

Microsoft has partially fixed a local privilege escalation vulnerability impacting all Windows 7 and Server 2008 R2 devices. Security researcher Clément Labro discovered that insecure permissions on the registry keys of the RpcEptMapper and DnsCache services enable attackers to trick the RPC Endpoint Mapper service into loading malicious DLLs on Windows 7 and Windows Server 2008 R2.

U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7
2021-02-12 18:24

On the heels of last week's lye-poisoning attack against a small water plant in Florida, the U.S. government's cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency. The government's latest appeal, issued via a joint advisory from the Cybersecurity and Infrastructure Security Agency, comes amidst reports that the remote hack of the water plant near Tampa Bay was being blamed on poor password hygiene and attacks on systems running Microsoft's out-of-service Windows 7 operating system.

Unofficial Patch Released for Windows 7 Zero-Day Vulnerability
2020-11-27 11:31

An unofficial patch is now available through ACROS Security's 0patch service for a zero-day vulnerability identified earlier this month in Windows 7 and Windows Server 2008 R2. The privilege escalation flaw, detailed by security researcher Clément Labro on November 12, exists because all users have write permissions for HKLM\SYSTEM\CurrentControlSet\Services\Dnscache and HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper, two keys that could be used for code execution. Specifically, the researcher discovered that a local non-admin user could target either of the two keys to create a Performance subkey, then trigger performance monitoring to load an attacker DLL through the Local System WmiPrvSE.exe process, and execute code from it.

Windows 7 and Server 2008 zero-day bug gets a free patch
2020-11-25 12:55

An unpatched local privilege escalation vulnerability affecting all Windows 7 and Server 2008 R2 devices received a free and temporary fix today through the 0patch platform. 0patch's free micropatch is targeting Windows 7 and Server 2008 R2 computers without ESU and those with ESU. At the moment, only small-and-midsize businesses or organizations with volume-licensing agreements can get an ESU license until January 2023.

Windows 7 won't die, still second most popular operating system
2020-11-03 13:04

Linux went from 1.14% to 1.65% and Ubuntu now holds a market share of 0.51%. The market share of Windows 7 has also dropped, but many users are still actively using outdated Windows 7, which could be due to its huge number of enterprise users. According to NetMarketShare, Windows 7 saw a drop from 22.77% to 20.41% last month.

Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
2020-09-28 19:56

An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials. Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.