According to Daniel Goldberg, security researcher at Guardicore, some estimates suggest that Server 2008 and 2008 R2 make up nearly a third of all server machines worldwide, and despite being over a decade old, these operating systems are still widely used.

“Microsoft offers organizations some options to handle the end of the useful life of these operating systems. The first and best option is to upgrade to Windows 10 and Windows Server 2016, both with many years of support for the future,” added the researcher, who mentioned other alternatives that Microsoft offers, such as paying for customized security solutions. Depending on the business relationship with the multinational and the exact operating system, the cost can be more than $200 per year per machine. And while Microsoft will offer this extended support for free to companies migrating to Azure, that migration itself has additional implications, Goldberg said.

Organizations that cannot immediately update their systems should not panic, he added, as they can still mitigate risks by taking a few extra precautions. While they continue to evaluate the best long-term course of action, organizations can still effectively protect their systems and limit exposure by using five hardening recommendations, Goldberg said:

– To get started, we encourage organizations to apply best-practice hardening guides for Windows Server 2008 R2 and Windows 7. Microsoft regularly publishes such guidelines as part of the Microsoft Baseline Security Analyzer.

– Whenever possible, disable SMBv1 and enable SMBv2 message signing. This will prevent many lateral movement attacks, including all attacks that use the EternalBlue family of vulnerabilities and many techniques that abuse NTLM relay.

– Change the network authentication settings to block the use of weak and obsolete authentication methods, such as NTLMv1 and LanMan. This will prevent many token theft attacks employed by popular offensive security tools like Mimikatz.

– To aid investigations into future security incidents and reduce the risk of corrupted logs, we recommend forwarding all event logs to a centralized and hardened server. Microsoft provides guidance for this, and Palantir provides many examples and help programs.
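
The SMB and NTLM recommendations above can be verified per host with a read-only check. The script below is an added example, not code from the article, Goldberg or Guardicore. It assumes the settings are read from their standard registry locations on Windows Server 2008 R2 or Windows 7, and the helper name `Get-RegValue` and the listed defaults for absent values are this example's own assumptions.

```powershell
# Read-only audit of the SMB and NTLM hardening items; it changes nothing.
# Written for PowerShell 2.0, the version shipped with Server 2008 R2 / Windows 7.
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$wks = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Default = effective behaviour assumed when the value is absent from the registry.
$checks = @(
    @{ Name = 'SMBv1 server disabled';       Path = $srv; Value = 'SMB1';
       Want = 0; Default = 1 },
    @{ Name = 'SMB signing required (srv)';  Path = $srv; Value = 'RequireSecuritySignature';
       Want = 1; Default = 0 },
    @{ Name = 'SMB signing required (cli)';  Path = $wks; Value = 'RequireSecuritySignature';
       Want = 1; Default = 0 },
    # Level 5: send NTLMv2 responses only, refuse LM and NTLMv1.
    @{ Name = 'LM and NTLMv1 refused';       Path = $lsa; Value = 'LmCompatibilityLevel';
       Want = 5; Default = 3 }
)

# Hypothetical helper: return the registry value, or the default if it is not set.
function Get-RegValue($Path, $Name, $Default) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $Default }
    return $item.$Name
}

$results = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Value $c.Default
    New-Object PSObject -Property @{
        Check  = $c.Name
        Actual = $actual
        Wanted = $c.Want
        Pass   = ($actual -eq $c.Want)
    }
}

$results | Select-Object Check, Actual, Wanted, Pass | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or inventory tool flag the host.
$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) { exit 1 }
```

Run it from an elevated prompt on each legacy host and review any row where `Pass` is `False` before changing settings, since required signing and NTLMv2-only authentication can break older clients.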
