Microsoft will end support for Windows 8.1 on January 10, meaning that the software manufacturer will no longer provide technical assistance and software updates for this version of the operating system. Many people are not happy about that.
The security teams of large companies have been counting on the expiration of Windows 8.1 for some time. Microsoft’s intentions have been public for months: after the end of support for Windows 7 in January 2020, the time has come to phase out Windows 8.1.
But security experts say there are a number of industries that will struggle with the end of support for Windows 8.1. In particular, small businesses, municipalities, public education institutions, and smaller commercial radio and television stations fall into the category of organizations that rely on specialized software and have little or no money to easily migrate to Windows 11 machines. Retail-hospitality, medical and industrial-manufacturing companies will also face challenges due to the disappearance of Windows 8.
“Unfortunately, many businesses still rely heavily on legacy systems, including companies in the industrial and banking sectors. These industries place their digital trust in systems that are difficult to upgrade and cannot tolerate being shut down for updates. Without an EoL (end-of-life) plan, this can become a major security risk,” Joey Stanford, VP of Privacy and Security at Platform.sh, told SC Magazine.
According to Stanford, the announcement of Windows 8.1 EoL did not come out of nowhere, so the risks of not fixing or updating should be 100 percent borne by the responsible company. While it may seem easy to ignore the announcement, Stanford says any system left on Windows 8 exposes the business to significant risk. In August 2020, the FBI sent a warning to the private sector that cybercriminals are specifically targeting Windows 7 systems after the end of support. This situation has now arisen again.
“Ignoring the EoL date is not an option. However, this is not a simple ‘automatic upgrade’ for everyone. Latecomers to the party should bypass Windows 10 and go straight to 11, a much newer and more expensive operating system that some people’s hardware won’t support,” Stanford said.
Mike Parkin, senior technical engineer at Vulcan Cyber, added that while it is “likely” that Microsoft would release an emergency patch after that date if Windows 8.1 were affected by a critical vulnerability, there is no guarantee.
“Windows 11 has been out for a while now, so there’s really no reason for Microsoft to continue supporting legacy operating systems. The real challenge is for organizations that have legacy apps that haven’t been updated to run on the latest platforms. They’re in a position where they have to choose between losing vital functionality and looking for an expensive and time-consuming replacement, or leaving the old application running on an outdated and vulnerable operating system,” said Parkin.
Andrew Barratt, vice president of Coalfire, says there are really only two options for security teams, and both require planning well in advance: consider highly specialized, and often quite expensive, extended support options, or plan to replace the operating system with a fresh one.
“The industries that are most exposed have quasi-embedded devices that use these operating systems. Quasi because they’re not using a scaled-down version of the operating system for IoT or embedded use, they’re using a ‘black box’ approach. Just think of cash registers, medical support devices or even control management systems. Often third-party systems fall into these categories, which then makes them even more complicated to manage,” Barratt said.