Moving away from Windows 7 will help prevent unnecessary exposure to security vulnerabilities and also help satisfy the requirements of various regulatory and compliance frameworks.
Microsoft® Patch Tuesday will continue, but January 14th saw the last freely available software update for Windows 7. This matters because end-of-life software and operating systems (like Windows 7) no longer receive the security patches needed to protect them.
Bad actors will continue to backport new vulnerabilities to end-of-life systems by specifically targeting shared software components. Currently supported systems will receive patches and updates for those new vulnerabilities; however, unpatched, end-of-life software products will be vulnerable to emergent threats.
Keeping an eye out for new threats may provide further impetus to transition off of Windows 7.
Staying on Windows 7 can adversely impact the security and privacy of your environment and may also violate compliance frameworks. One specific example is requirement 6.2 of the Payment Card Industry Data Security Standard (PCI-DSS):
“Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor supplied security patches. Install critical security patches within one month of release.”
Likewise, under the Health Insurance Portability and Accountability Act (HIPAA), unsupported software is not compliant. Remaining on Windows 7 may also increase the potential for exposure of Personally Identifiable Information (PII).
Based on your use case, a number of options may be available, including: