Microsoft Removes Support for Windows 1803, 1809 and 1909

Applying patches has always been a key part of a security strategy and vendors like Microsoft have regular patch release cycles to improve security, fix bugs and generally improve their products. Patching remains the single most important thing you can do to secure your technology and is why applying patches is often described as ‘doing the basics’. (NCSC).
However, when software products are no longer supported by the vendor, no new patches are released for any security vulnerabilities that are identified. This could expose your IT and data to attack.

This is the case with Microsoft Windows.

From the 11th of May 2021, Microsoft will cease support for a number of operating systems, including:

Windows 10 Education, version 1803 and version 1809

Windows 10 Enterprise, version 1803 and version 1809

Windows 10 IoT Enterprise, version 1803 and version 1809

Windows 10 Home, version 1909

Windows 10 Pro, version 1909

Windows 10 Pro Education, version 1909

Windows 10 Pro for Workstations, version 1909

Windows Server Datacenter, version 1909

Windows Server Standard, version 1909

In addition, support for the legacy version of the Microsoft Edge desktop application finished in March, therefore the new Microsoft Edge should now be in use to ensure an up-to-date browsing experience.

Lack of support implies that no new security patches for the product will be released. Whilst there have been some recent exceptions to this within Microsoft’s ecosystem for major security problems, this is an exception to normal practise. As a result, these platforms are likely to contain security vulnerabilities moving forward.

We strongly recommend that if you are running any of these operating systems, you should accelerate your upgrade programme to remain on a supported platform.

NCSC also recommends that organisations perform vulnerability assessment of their entire estate on a monthly basis to identify new vulnerabilities so they can be fixeded before they are exploited. You can run automated vulnerability assessment tools yourself and there is some useful guidance here Vulnerability management – NCSC.GOV.UK

Alternatively, you can outsource this as a managed service and gain access to cyber expertise whenever you need it. For more information see our Testing as a Service (TaaS).

Ready to discuss your requirements?