
Why Does Microsoft’s End of Life (EOL) Matter?


Microsoft officially ended support for its Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems on January 14, 2020.

What Does That Mean?

Microsoft stopped providing free security patches and updates for these operating systems. The only way to obtain subsequent patches and updates is to enroll in Microsoft’s costly Extended Security Updates (ESU) program on a per-device basis. Most organizations elected to upgrade their legacy Windows systems to use modern operating systems such as Windows 10 and Windows Server 2016, but some did not, leaving a gaping hole in the security of their respective networks.

Why Does This Matter?

Every day, new software vulnerabilities are discovered and new malware is created by cybercriminals. Since free patches and updates for Windows 7 and Windows Server 2008/R2 ended more than 15 months ago, hackers are exploiting newly discovered vulnerabilities on those systems. Supplemental security controls like antivirus software cannot effectively mitigate these risks, so the continued presence of Windows 7 and Windows Server 2008/R2 systems is very much a ticking time bomb that can explode into a potentially devastating security incident.

If the inability to detect and remediate vulnerabilities isn’t bad enough, the absence of security patches and updates has led to major compatibility issues with modern Windows systems in Active Directory domains. For example, at least one recent update for Windows Server 2016 and 2019 Active Directory domain controllers has been found to break their ability to communicate with legacy Windows Server 2008/R2 systems, meaning that an organization’s otherwise well-intentioned patching strategy could inadvertently cause mass authentication failures and connectivity issues throughout the domain.

For these reasons and others, the best course of action is to immediately upgrade or replace legacy Windows 7 and Windows Server 2008/R2 systems that are still in use. In cases where critical software applications are not supported on modern operating systems, the affected legacy systems should be segmented and isolated from the rest of the production network. While this strategy will not fully mitigate the risk, it will reduce the organization’s attack surface if implemented correctly.

It’s also important to note that Windows Server 2012/R2 will reach EOL status on October 10, 2023, and Windows Server 2016 will reach End of Mainstream Support status on January 11, 2022 (with an EOL in 2027). So at this point, plan to use Windows Server 2019 for any server upgrade.
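To act on the advice above, the first step is knowing which domain-joined machines still run an affected operating system. The following PowerShell is an added example, not part of the original article: it lists enabled Active Directory computer accounts whose operating system matches the versions and end-of-support dates quoted here. It assumes the ActiveDirectory module (RSAT) is installed and that 90 days without a logon marks an account as stale; both are assumptions of this example.

```powershell
# Added example: inventory AD computer accounts against the support dates quoted in the article.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# OperatingSystem pattern -> end-of-support date (dates taken from the article text).
# 'Windows Server*2008*' covers both 2008 and 2008 R2 name strings.
$EolDates = [ordered]@{
    'Windows 7*'           = [datetime]'2020-01-14'
    'Windows Server*2008*' = [datetime]'2020-01-14'
    'Windows Server 2012*' = [datetime]'2023-10-10'
}

$ActiveWindowDays = 90   # assumption: no logon for longer than this means the account is stale
$now = Get-Date

$report = Get-ADComputer -Filter 'Enabled -eq $true -and OperatingSystem -like "Windows*"' `
        -Properties OperatingSystem, LastLogonDate |
    ForEach-Object {
        $computer = $_
        # First pattern that matches this account's OS string, if any.
        $match = $EolDates.Keys |
            Where-Object { $computer.OperatingSystem -like $_ } |
            Select-Object -First 1
        if (-not $match) { return }   # supported OS: skip to the next account

        $eol = $EolDates[$match]
        [pscustomobject]@{
            Name            = $computer.Name
            DNSHostName     = $computer.DNSHostName
            OperatingSystem = $computer.OperatingSystem
            SupportEnded    = $eol.ToString('yyyy-MM-dd')
            # Negative value = days remaining before support ends.
            DaysPastEol     = [math]::Floor(($now - $eol).TotalDays)
            LastLogonDate   = $computer.LastLogonDate
            # LastLogonDate replicates lazily, so treat this as an approximation.
            RecentlyActive  = [bool]($computer.LastLogonDate -and
                                $computer.LastLogonDate -gt $now.AddDays(-$ActiveWindowDays))
        }
    }

# Recently active, longest-unsupported machines first: these are the upgrade or isolation priorities.
$report |
    Sort-Object -Property RecentlyActive, DaysPastEol -Descending |
    Format-Table -AutoSize
```

Accounts reported with `RecentlyActive` set to `False` may be decommissioned machines whose accounts were never removed. Systems that are not domain-joined will not appear in this report and need a separate inventory.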

Next Steps

If your organization still has Windows 7, you may not have a sense of urgency to upgrade. However, with the absence of new features and security upgrades, your organization will be much more vulnerable. Every Windows operating system has a life cycle, and it’s important for your organization to stay up to date with end-of-life dates as they pertain to your organization’s network and cybersecurity. If you need help in managing End of Life, or if you have questions about next steps, our team of Microsoft experts is ready to help. Schedule a consultation with our team today.

Ross Filipek

Ross is the CISO at Corsica Technologies. He has achieved CCIE Security and CISSP certifications, an MBA from the University of Notre Dame, and has 20 years of experience in the fields of computer and network security engineering and consulting. Ross provides virtual CISO services for clients and helps them to identify information security risks and implement administrative, procedural, and technical controls to mitigate them. He works effectively with both technical and managerial personnel and is a trusted resource for our clients.


Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.
