End of Life Microsoft Software
Severity: Critical
Likelihood: High (Common in legacy environments and often overlooked in patch management programs)
General Guidance
Identify and replace unsupported Microsoft software as a priority. Where immediate replacement is not possible, isolate and tightly control the affected systems: end-of-life services should never be exposed to the public internet, and should be reachable only from the hosts that genuinely need them. Where Microsoft offers one, consider purchasing Extended Security Updates (ESU) to buy time for the migration, bearing in mind that ESU covers only Critical and Important security fixes and is itself time-limited.
What is the concern?
End-of-Life (EOL) Microsoft software (e.g., Windows 7, Windows Server 2008, older Exchange versions) no longer receives security updates or patches. Newly discovered vulnerabilities remain unpatched indefinitely, making these systems prime targets for attackers who actively develop exploits for known weaknesses.
Business Impact
- Increased risk of system compromise and unauthorized access
- Higher likelihood of ransomware infections
- Data breaches involving sensitive or regulated data
- Compliance violations (e.g., PCI DSS, HIPAA, ISO standards)
- Operational disruption due to exploitation of legacy systems
- Increased cost of incident response and recovery
How can this risk be resolved?
- Upgrade to supported Microsoft versions (e.g., Windows 11, Windows Server 2022/2025)
- Implement a formal asset lifecycle management program
- Apply network segmentation to isolate legacy systems
- Use virtual patching via firewalls/IPS where upgrades are delayed
- Decommission or replace systems that cannot be secured
- Maintain an accurate asset inventory with version tracking
Microsoft Windows Server should be updated to a supported version. Because the server software identified here is tied to the version of the operating system it runs on, upgrading it may mean upgrading the whole system to a newer release of Windows. If that is not possible, mitigate the issue instead: move sensitive systems and data off the server, and segregate it from the rest of your infrastructure so that a compromise cannot spread.
See Microsoft's lifecycle pages for the end-of-support dates, or read our blog post for further information: https://www.kynd.io/news/windows-server-end-of-support/
Real-World Example
- WannaCry Ransomware (2017): Spread by exploiting EternalBlue, a vulnerability in Microsoft's SMBv1 implementation, on Windows systems that were unpatched or unsupported. Microsoft had fixed the flaw in supported versions two months earlier (MS17-010), but end-of-life Windows XP and Server 2003 only received an emergency patch after the outbreak began, and most infected machines were unpatched Windows 7 hosts. The result was massive global disruption, including at the UK's National Health Service (NHS), where surgeries were cancelled and systems were taken offline.
- Exchange Server attacks (ProxyLogon, 2021): Organizations running outdated or unpatched on-premises Microsoft Exchange servers were compromised at scale. Attackers chained a server-side request forgery flaw with an arbitrary file write to deploy web shells without credentials, then used them for persistence and data exfiltration. Servers that had fallen out of support, or that simply lagged the emergency updates, stayed exposed long after fixes were available.
Detection Opportunities
- Asset scans identifying unsupported OS or software versions
- Vulnerability scans flagging missing patches with no available fixes
- Network monitoring for legacy protocols (e.g., SMBv1) still in use
- Endpoint alerts tied to known exploits targeting older systems
- Unauthorized external connections to legacy systems
- Presence of systems not reporting into patch management tools
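The first and last of these detection opportunities (unsupported OS versions in the asset inventory, and hosts that never check in to the patch tool) can be tested with a short script over an Active Directory export. The following is an added example, not part of the original page or any KYND tooling. It assumes an inventory in the shape produced by `Get-ADComputer -Filter * -Properties OperatingSystem,OperatingSystemVersion | Export-Csv`, a list of hostnames taken from whatever patch-management console is in use, and a small end-of-support table; the sample hosts are constructed, and the dates should be re-checked against Microsoft's lifecycle pages before the script is relied on.

```python
import csv
import io
from datetime import date, timedelta

# Extended-support end dates from Microsoft's lifecycle policy at the time
# of writing. Verify before relying on them. LTSC and IoT editions follow
# their own lifecycles and are deliberately left out of this table.
EOL_DATES = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008": date(2020, 1, 14),   # also matches 2008 R2
    "Windows 8.1": date(2023, 1, 10),
    "Windows Server 2012": date(2023, 10, 10),  # also matches 2012 R2
    "Windows 10": date(2025, 10, 14),           # Home/Pro/Enterprise, not LTSC
    "Windows Server 2016": date(2027, 1, 12),
    "Windows Server 2019": date(2029, 1, 9),
    "Windows Server 2022": date(2031, 10, 14),
}

# Flag anything that goes out of support within this window as well.
WARN_WINDOW = timedelta(days=180)

# Reference date for the sample run below (assumed, so results are stable).
AS_OF = date(2025, 6, 1)


def classify(os_name, as_of):
    """Return 'EOL', 'EOL soon', 'Supported' or 'Unknown' for an
    operatingSystem string as exported from Active Directory."""
    if not os_name or "LTSC" in os_name:
        return "Unknown"  # needs a manual lifecycle check
    # Match the longest product name first so a more specific entry is
    # never shadowed by a shorter one that happens to be a prefix of it.
    for product in sorted(EOL_DATES, key=len, reverse=True):
        if os_name.startswith(product):
            end = EOL_DATES[product]
            if as_of >= end:
                return "EOL"
            if as_of + WARN_WINDOW >= end:
                return "EOL soon"
            return "Supported"
    return "Unknown"


# Constructed sample: the columns Export-Csv writes for Get-ADComputer.
AD_EXPORT = """Name,OperatingSystem,OperatingSystemVersion
DC01,Windows Server 2019 Standard,10.0 (17763)
FILE02,Windows Server 2008 R2 Standard,6.1 (7601)
SQL03,Windows Server 2012 R2 Standard,6.3 (9600)
APP04,Windows Server 2016 Standard,10.0 (14393)
WKS-0112,Windows 10 Pro,10.0 (19045)
KIOSK-07,Windows 10 Enterprise LTSC 2019,10.0 (17763)
LEGACY-HMI,Windows 7 Professional,6.1 (7601)
"""

# Constructed sample: hostnames the patch-management tool has ever seen.
PATCH_TOOL_HOSTS = {"DC01", "SQL03", "APP04", "WKS-0112"}


def audit(ad_csv, patch_hosts, as_of):
    """Return (findings, missing): support status per AD host, and the
    sorted list of AD hosts that do not appear in the patch tool at all."""
    findings = {}
    for row in csv.DictReader(io.StringIO(ad_csv)):
        findings[row["Name"]] = classify(row["OperatingSystem"], as_of)
    missing = sorted(set(findings) - set(patch_hosts))
    return findings, missing


if __name__ == "__main__":
    findings, missing = audit(AD_EXPORT, PATCH_TOOL_HOSTS, AS_OF)
    for host, status in sorted(findings.items(), key=lambda kv: kv[1]):
        print(f"{host:12} {status}")
    print("Not reporting to patch tool:", ", ".join(missing))
```

Hosts that are both end-of-life and absent from the patch tool (FILE02 and LEGACY-HMI in the sample) are the ones to chase first: nobody is patching them, and there is nothing left to patch them with. The "Unknown" bucket is intentional; an LTSC kiosk or an OS string the table does not know should be checked by hand rather than silently reported as supported.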