On the heels of last week’s lye-poisoning attack against a small water plant in Florida, the U.S. government’s cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency.
The government’s latest appeal, issued via a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), comes amidst reports that the remote hack of the water plant near Tampa Bay was being blamed on poor password hygiene and attacks on systems running Microsoft’s out-of-service Windows 7 operating system. In addition to running Windows 7 on computers at the plant, all devices used the same password for remote access.
Microsoft ended support for Windows 7 more than a year ago but, as cybersecurity experts warn on a nonstop basis, the plants and factories that run critical infrastructure are very slow to migrate to newer operating systems.
This means that unless organizations purchase an Extended Security Update (ESU) plan from Microsoft, security patches for remote, code-execution vulnerabilities will remain unpatched. The ESU is a per-device plan available for Windows 7 Professional and Enterprise versions, with an increasing price the longer a customer continues use.
[ Learn more about threats to industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series ]
More ominously, Microsoft will only offer ..
Support the originator by clicking the read the rest link below.
