Why Does Microsoft’s End of Life (EOL) Matter?

Microsoft officially ended support for its Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems on January 14, 2020.

What Does That Mean?

Microsoft stopped providing free security patches and updates for these operating systems. The only way to obtain subsequent patches and updates is to enroll in Microsoft’s costly Extended Security Updates (ESU) program on a per-device basis. Most organizations elected to upgrade their legacy Windows systems to use modern operating systems such as Windows 10 and Windows Server 2016, but some did not, leaving a gaping hole in the security of their respective networks.

Why Does This Matter?

Every day, new software vulnerabilities are discovered and new malware is created by cybercriminals. Because free patches and updates for Windows 7 and Windows Server 2008/R2 ended more than 15 months ago, hackers are exploiting newly discovered vulnerabilities on those systems. Supplemental security controls like antivirus software cannot effectively mitigate these risks, so the continued presence of Windows 7 and Windows Server 2008/R2 systems is very much a ticking time bomb that can explode into a potentially devastating security incident.

If the inability to detect and remediate vulnerabilities isn’t bad enough, the absence of security patches and updates has led to major compatibility issues with modern Windows systems in Active Directory domains. For example, at least one recent update for Windows Server 2016 and 2019 Active Directory domain controllers has been found to break their ability to communicate with legacy Windows Server 2008/R2 systems, meaning that an organization’s otherwise well-intentioned patching strategy could inadvertently cause mass authentication failures and connectivity issues throughout the domain.

For these reasons and others, the best course of action is to immediately upgrade or replace legacy Windows 7 and Windows Server 2008/R2 systems that are still in use. In cases where critical software applications are not supported on modern operating systems, the affected legacy systems should be segmented and isolated from the rest of the production network. While this strategy will not fully mitigate the risk, it will reduce the organization’s attack surface if implemented correctly.

It’s also important to note that Windows Server 2012/R2 will reach EOL status on October 10, 2023, and Windows Server 2016 will reach End of Mainstream Support status on January 11, 2022 (with an EOL in 2027). So at this point, plan to use Windows Server 2019 for any server upgrade.
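One way to find the affected machines in an Active Directory domain, as an added example that is not part of the original article: the PowerShell below lists computer accounts whose recorded operating system matches the versions named above and compares them with the dates given in this article. It assumes the ActiveDirectory (RSAT) module and read access to the domain; the variable names, the 90-day activity cutoff and the 365-day warning window are illustrative choices.

```powershell
# Added example, not from the original article.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# End-of-support dates as stated in the article. The wildcard after "Server"
# tolerates OS name strings that carry a trademark symbol.
$EolTable = [ordered]@{
    'Windows 7*'           = [datetime]'2020-01-14'
    'Windows Server*2008*' = [datetime]'2020-01-14'   # 2008 and 2008 R2
    'Windows Server*2012*' = [datetime]'2023-10-10'   # 2012 and 2012 R2
}
$StaleAfterDays = 90    # assumption: no logon in 90 days = probably retired
$WarnWithinDays = 365   # assumption: flag systems reaching EOL within a year

$today  = Get-Date
$cutoff = $today.AddDays(-$StaleAfterDays)

$computers = Get-ADComputer -Filter 'OperatingSystem -like "Windows*"' `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate

$report = foreach ($c in $computers) {
    foreach ($pattern in $EolTable.Keys) {
        if ($c.OperatingSystem -like $pattern) {
            $eol = $EolTable[$pattern]
            $status = if ($eol -le $today) { 'PastEOL' } elseif (
                $eol -le $today.AddDays($WarnWithinDays)) { 'EOLWithinYear' } else { 'Supported' }
            # LastLogonDate can be empty for accounts that never logged on.
            $active = $c.Enabled -and $c.LastLogonDate -and ($c.LastLogonDate -ge $cutoff)
            [pscustomobject]@{
                Name            = $c.Name
                DNSHostName     = $c.DNSHostName
                OperatingSystem = $c.OperatingSystem
                OSVersion       = $c.OperatingSystemVersion
                EolDate         = $eol.ToString('yyyy-MM-dd')
                Status          = $status
                LastLogon       = $c.LastLogonDate
                LikelyActive    = [bool]$active
            }
            break   # first matching pattern wins
        }
    }
}

# Active, past-EOL systems first: these are the upgrade or isolation candidates.
$report | Sort-Object Status, @{ Expression = 'LikelyActive'; Descending = $true }, Name |
    Format-Table -AutoSize
```

The report covers only domain-joined machines and cannot tell whether a device is enrolled in ESU, so workgroup systems and ESU status need a separate check.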

Next Steps

If your organization still has Windows 7, you may not have a sense of urgency to upgrade. However, with the absence of new features and security upgrades, your organization will be much more vulnerable. Every Windows operating system has a life cycle, and it’s important for your organization to stay up to date with end-of-life dates as they pertain to your organization’s network and cybersecurity. If you need help in managing End of Life, or if you have questions about next steps, our team of Microsoft experts is ready to help. Schedule a consultation with our team today.

Ross Filipek

Ross is the CISO at Corsica Technologies. He has achieved CCIE Security and CISSP certifications, an MBA from the University of Notre Dame, and has 20 years of experience in the fields of computer and network security engineering and consulting. Ross provides virtual CISO services for clients and helps them to identify information security risks and implement administrative, procedural, and technical controls to mitigate them. He works effectively with both technical and managerial personnel and is a trusted resource for our clients.


Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.
