The (Microsoft) Windows Are Wide Open for Bad Actors
Briefly

Microsoft will end Windows 10 support on October 14, creating immediate security risk for organizations that cannot finish Windows 11 migrations. Many healthcare organizations cannot complete migrations by that date because hundreds of legacy applications must be maintained. Typical enterprise migrations require six to nine months to build and test images, re-image devices, train staff and roll out the new OS. Microsoft will offer a three-year Extended Security Updates subscription providing critical patches only. Many organizations avoid continuous Enterprise Agreements for cost reasons, often cycling on and off EA, while maintaining roughly 150–300 applications and using compensating technologies like Citrix, which increases costs and exposure.
On October 14, Microsoft will officially end its support for the Windows 10 operating system. Most healthcare organizations won't be able to fully transition to Windows 11 by then because they have so many legacy applications to run. That means that bad actors will soon be launching malware that takes advantage of known openings and vulnerabilities during the Windows transition period.
Even for the biggest organizations with large model IT staffing, the transition to Windows 11 is at minimum a six-to-nine-month process. First, you have to build an image and test it against all your applications. Then you have to re-image devices, train your entire staff and formally roll out the new operating system. Microsoft will offer an Extended Security Updates (ESU) program for up to three years following Windows 10 end-of-service.
One complicating factor is that many healthcare organizations don't consistently maintain a Microsoft Enterprise Agreement (EA) due to cost considerations. The first phase of the agreement covers the licenses and initial support, then the organization pays 85% of that amount for ongoing support and maintenance (which includes the right to upgrade to new versions of Windows). To reduce operating costs, many hospitals and healthcare organizations will go three years on EA followed by three years off before signing a new agreement.
Read at Securitymagazine