Forced Upgrades

It is nothing new for me to say that patches and upgrades are an essential step in any organisation’s cyber security plan. Threat actors actively go after any system that has a weakness as soon as they know about it – many times before a vendor even knows there is a problem. Do not be that organisation that patches only after an attack.

With that in mind, Microsoft is going to force updates on older versions of Windows 11 that it will no longer support.

Microsoft to start force-upgrading Windows 22H2 systems next month (bleepingcomputer.com)

Your takeaway

In the past we have kept old systems running because of legacy software; today I am not sure we would get involved with that, as the risk seems too great for us to take. If a client has carefully thought about it, examined the risk and the consequences, and gives us an instruction in writing, I suppose we would do it. But is it a good idea if the system then becomes vulnerable if it is online?

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

When hardware reaches EOL – CyberAwake