The proper maintenance and applications of patches, hot fixes, and other after the fact code revisions is important in maintaining a proper level of security and the protection of university data and systems.
Unfortunately, as software continues to become more complex, the identification of software vulnerabilities expands far past the initial release of software, which is why the timely application of software patches is critical. As an example, the current version of Windows has about 50 million lines of code, and it is estimated that there are about 10-20 defects on average in every 1000 lines of code for Windows (the industry average is much higher at 15 – 50 defects in every 1000 lines!)
When Operating Systems reach their end of life and end of support by the vendor, it is time to reduce their use and for those that must remain because of other technical limitations, institute risk mitigation measures to reduce the possibility for existing software bugs to be leveraged by attackers. These measures typically include disconnection from the network, or severely limiting access the Internet.
Two heavily used Microsoft products are heading towards their End of Lifecycle support in 2020, with both Windows 7 and Windows Server 2008 occurring in January 2020.
As we work towards the deprecation of Windows 7 and Windows Server 2008 in the coming months, ITS will be working closely with individuals and departments in identifying the impact this represents and planning for the retirement or replacement of these devices.