Bern, 16.12.2019 - Microsoft has announced that support and thus updates for various older products will be discontinued on 14 January 2020. The following products will be affected: operating system "Windows 7", "Windows Server 2008" and "Windows Server 2008 R2".
"SQL Server 2008" and "SQL Server s008 R2" reached the end of their support lifecycles on 9 July 2019 and have not been updated since. "End of life" is a standard measure after expiry of Microsoft's usual 10-year support cycle.
It can be assumed that attackers will set their sights keenly on these products from 14 January 2020. It will be possible for previously undetected security vulnerabilities to be exploited easily, as no patches will be provided anymore.
During the various attacks with encryption Trojans (ransomware) in recent months, attackers often searched specifically for unpatched security vulnerabilities in order to spread the malware in the target network.
Switzerland currently has around 10,000 servers in operation in the "Windows Server 2008", "Windows Server 2008 R2", "SQL Server 2008" and "SQL Server s008 R2" product groups.
Consequently, MELANI strongly recommends that all companies and individuals replace any products from the above categories that are still in operation as a matter of urgency. If this cannot be done, it is essential to take additional protective measures: isolating devices from the rest of the network and from the internet, special monitoring, looking into an Extended Support agreement with Microsoft, etc.
In order to be prepared in time for such cases, lifecycle management should be ensured for each product used. This means that migrations should be planned in good time to ensure that products are replaced once the manufacturer stops supplying security patches.
Microsoft publishes the lifecycles of its products on its website (https://support.microsoft.com/de-ch/lifecycle/search/1163).