Windows 7 may be dead for the rest of the world but for two Australian government departments, it's alive and well for at least another year.
A report from iTNews confirmed the ATO and Department of Defence (DoD) would extend the life of their Windows 7 devices for at least another year after signing contracts totalling $8.7 million with Data#3, a cloud computing company.
According to the iTNews report, the contracts ensure security updates will continue throughout 2020 despite Microsoft pulling the plug on support for Windows 7 on January 15, 2020. The majority of that contract, $6.1 million, is for DoD, which despite allegedly migrating to Windows 10 from Vista last year, still has some devices running Windows 7.
The ATO has told iTNews none of its devices have yet migrated to Windows 10, apart from devices which already came with the most recent OS. It expects to complete the transition to Windows 10 by December 2020. Better late than never, I suppose.
iTNews reports ASIC is also due to enter a contract to extend security support for its Windows 7 devices. Just a reminder here that mainstream support for Windows 7 was discontinued in 2015 when Windows 10 was released. Migrating a full agency's catalogue of devices to a new operating system is a time-consuming and expensive task, but it's probably a process that should've been started a few years ago when Microsoft was still providing free security updates.
But I digress.
While Windows 7 is risky for those of us outside government departments to keep using, Windows 10 has its own problems: a critical Windows 10 vulnerability was spotted by the U.S. intelligence agency, the National Security Agency (NSA). The vulnerability would let malicious software trick the system into believing it was trusted software, allowing it to install whatever nasty malware or ransomware it desired. Australia's own cybersecurity agency, the Australian Cyber Security Centre (ACSC), also released an advisory in response to it.
"[The vulnerability] could allow an adversary to spoof a code-signing or TLS certificate and have it appear as valid, in addition this vulnerability may allow remote code execution," the ACSC said.
"The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network."
You can ensure you've got the latest patch by heading to Microsoft's advisory page and downloading the relevant security patch.
The U.S. National Security Agency disclosed a major vulnerability in the latest version of Windows 10 and Windows Server 2016 to Microsoft, which released a fix for the issue on Tuesday, the MIT Technology Review reported.