Endpoint Security , Governance & Risk Management , Legacy Infrastructure Security

FBI Warns of Serious Risks Posed by Using Windows 7

Bureau Says Attackers Can Use Vulnerable RDP Connections to Access Networks
FBI Warns of Serious Risks Posed by Using Windows 7

The FBI is warning organizations that are still using Microsoft Windows 7 they are in danger of attackers exploiting vulnerabilities in the unsupported operating system to gain network access.

See Also: Microsoft Vulnerabilities Report 2020

In a private industry alert, the FBI notes that there’s been an uptick in hacking attempts targeting devices using Windows 7 since Microsoft ended support for the old operating system on Jan. 14 and stopped automatically issuing patches. Although those using Windows 7 can still purchase a security support package to obtain patches, the FBI and Microsoft are urging organizations to update to a more recent version of Windows instead (see: Windows 7: Microsoft Ceases Free Security Updates).

"The FBI has observed cybercriminals targeting computer network infrastructure after an operating system achieves end-of-life status,” the FBI alert notes. “Continuing to use Windows 7 within an enterprise may provide cybercriminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered."

Windows 7 Still Popular

Despite the end to automatic updates from Microsoft, Windows 7 is still widely used at organizations around the world.

As of July, about 20% of all Windows-based devices still used Windows 7, according to Statcounter. Back in December 2019, NetMarketShare reported that Windows 7 remained the second most used operating system, following Windows 10, with one-third of all desktop and laptop PCs still running Windows 7.

"With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target," the FBI notes.

Leveraging RDP for Network Access

Hackers are likely to target devices using unpatched Windows 7 and then exploit vulnerabilities in Remote Desktop Protocol – a proprietary Microsoft communications protocol that allows system administrators and employees to connect to corporate networks from remote computers, the FBI says.

“Cybercriminals continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol exploits,” the alert states.

Since the COVID-19 pandemic led to a shift to a remote workforce, security firms, including ESET and Kaspersky, have noted a sharp increase in brute-force and other attacks looking to exploit unpatched RDP connections to gain a foothold into the larger network (see: Brute-Force Attacks Targeting RDP on the Rise).

"Cybercriminals often use misconfigured or improperly secured RDP access controls to conduct cyberattacks," the FBI notes. "The xDedic Marketplace, taken down by law enforcement in 2019, flourished by compromising RDP vulnerabilities around the world."

BlueKeep Vulnerability

Unpatched RDP connections are vulnerable to a flaw dubbed BlueKeep, which Microsoft has been warning about since mid-2019. Exploits for this bug have been spotted in the wild (see: Microsoft Warns Users: Beware of Damaging BlueKeep Attacks).

And while the BlueKeep flaw has mainly been tied to hackers planting cryptominers, Microsoft and the FBI note the bug is also a wormable vulnerability. If exploited, an attacker could remotely access other vulnerable computers across an entire network and push malware across the entire infrastructure in much the same way the WannaCry ransomware spread in 2017 (see: DHS Is Latest to Warn of BlueKeep Vulnerability).

Risk Mitigation

The FBI recommends that users who are unable to upgrade to newer versions of Windows or buy a support package for Windows 7 should take certain steps to enhance the security of devices still running Windows 7. Those include:

  • Validate current software used within the larger network as well as access controls and network configurations;
  • Ensure that properly configured firewalls, along with anti-virus and spam filters, are in use;
  • Audit network configurations and isolate computer systems that cannot be updated;
  • Audit networks using RDP, close unused RDP ports, apply two-factor authentication and log any RDP login attempts.

Britain's National Cyber Security Center has also released short-term recommendations for protecting organizations until they can transition to supported operating systems.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.