Windows 10 divides updates into two categories, with two different release cadences:

1. Feature updates – which relate to improvements and new capabilities and are released twice a year, during spring and fall, also known as “semi-annual” releases.
2. Quality updates – which are Windows security improvements and are also known as “cumulative updates”. These usually happen every second Tuesday of every month, also known as “Patch Tuesday”, with the most recent one being on April 14, 2020.

Occasionally, if there’s a high-risk security vulnerability discovered, Microsoft releases an out-of-band patch, i.e. in between Patch Tuesdays, that should be applied immediately.

A recent out-of-band security update was released in March 2020 to address an SMB vulnerability referred to as ‘SMBGhost’ or ‘EternalDarkness’ by security vendors. This ‘wormable’ Windows vulnerability, CVE-2020-0796, impacted the Microsoft Server Message Block 3.1.1 (SMBv3 network communications protocol). (Read more about it in our blog Pay Attention to Cybersecurity Warnings).

Patches are cumulative in Windows 10, meaning that if you miss an update one month, it’s rolled into the patch for the next month.

From a business IT perspective, we want to automate the Windows 10 update process using an endpoint management solution. We also want complete control over the process so that we can specify the update schedule and determine which individual devices or groups of devices receive them.

Windows 10 Patching in Kaseya VSA

Kaseya VSA enables you to automatically deploy Windows patches. It also supports native Windows patching. This allows you to configure Windows update settings in VSA and control how Windows manages its own patching process.

You can also enforce the Windows configuration settings you set up in VSA by automatically reverting to them if a local admin makes changes.

Kaseya VSA and Windows Update Group Policy

Using Kaseya VSA, your IT administrators can apply and remove Windows Update Group Policies and set them on all managed endpoints. They can configure many different Windows Update Group Policy options in VSA, such as:

Windows Automatic Updates

This specifies whether a specific computer will receive security updates and other important downloads through the Windows automatic updating service.

Windows Update Power Management

This allows you to wake up a computer to apply the Windows patch update. This could be very useful if you want to schedule Windows updates for remote worker computers that may be turned off after hours.

Control download bandwidth

With Kaseya VSA you can also control download bandwidth used for the Windows update. This can be very useful when managing remote worker computers that may be on lower bandwidth home networks.

Windows Patch Management Best Practices

Here are a few best practices for managing Windows patches:

• Execute your scans throughout the week prior to an upcoming Patch Tuesday to ensure you have the latest information available on your endpoints.
• Distribute your scans extensively. This is important since users are mostly working from home and we want to conduct software patch management related tasks during non-peak hours to ensure the tasks can be completed. Kaseya VSA supports scan distribution windows.
• Distribute your patch deployments. It is no secret that Windows patches are beginning to get larger in size (some over 1GB). This can strain not only your server but also your remote user’s network. We highly recommend staggering deployments with 6+ hour distribution windows if you are deploying during business hours.
• Take a look at scheduling deployment times with expanded distribution windows.
• Review new patches as they are released and create a plan to test the deployment of these newly available patches to a test environment or select group of endpoints before you deploy widely to your environment.

To learn more about patching your systems efficiently and improving your IT security with Kaseya VSA, download our checklist 10 Tips to Improve IT Security.

The post Managing Windows 10 Updates and Patches appeared first on Kaseya.

In April 2014, Windows XP reached its end of life. But many organizations continued its use until 2018. When Windows 7 support ends, Microsoft is providing paid extended security updates (ESU), but this could become costly if you continue using Windows 7 on a large number of devices.

If you are still contemplating whether (or when) to upgrade your operating system, let’s look back at the lessons learned from the EOL of Windows XP. 

• Cybersecurity attackers will take advantage of the outdated and unpatched OS 

Cybercriminals are evolving and so are their attacks. Not patching even a single critical vulnerability can be devastating to your company. Microsoft will not be providing free security patches for Windows 7 post the EOL date. You will have to pay for ESU which start at $25 per device for Windows 7 Enterprise, in the first year, and doubles each year after that. With hackers more determined than ever to find a way breach your systems, the Windows 7 end of life is going to be a boon for them. When the WannaCry attack was launched in 2017, about 98 percent of affected computers were running Windows 7, but they hadn’t been patched, even though the patch had been available for at least two months.

• Compliance will be compromised 

Running outdated and unpatched operating systems will put organizations at risk of failing to meet industry regulatory compliance for regulations such as HIPAA and GDPR. Companies will be subject to fines and penalties as a result of failing to comply with these regulations. For U.S. based healthcare organizations, HIPAA non-compliance can result in fines that range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation. GDPR violations can result in penalties of up to 20 million euros or 4 percent of prior year revenue.

• Application compatibility issues may arise 

Application compatibility was a huge problem when migrating from Windows XP to Windows 7. During the XP migration, many organizations found that they had certain applications that could not be made compatible with Windows 7 without some measure of recompiling, at a minimum. This problem could present itself for the Windows 7 to Windows 10 migration as well, although it is expected to be much less of an issue. 

Don’t want to upgrade (yet)? You have some other options 

You can pay for the Extended Security Updates, as mentioned above. If you want to avoid the costly ESUs being provided after 2020 and still want to keep using Windows 7, the best option is to transition to Windows Virtual Desktop on Azure. You can run Windows 7 on these virtual desktops and you’ll also get three years of ESU for free.

When Microsoft announced Windows XP EOL in 2013, many organizations didn’t move quickly enough to make the transition to Windows 7. As the date approached, some companies began to scurry and began working on the upgrades in the final months leading up to the EOL. This kind of last-minute migration can put a strain on the IT staff and can leave more room for error. With only six months left, we trust you have begun your Windows 7 migration journey.  

Please join our webinar Windows 7 End of Life: Don’t Put Your Business at Risk to learn how to plan a successful migration. 

The post Lessons Learned from Windows XP End of Life appeared first on Kaseya.

The HIPAA Security Rule 45 C.F.R. § 164.308 (a)(5)(ii)(B) specifically requires updated patches on all systems – which will cease for Windows 7 and Windows Server 2008/R2 post January 2020, unless you pay for Extended Security Updates (ESU). If you continue using software that is unsupported and therefore, not being patched, you will no longer be HIPAA compliant. 

The healthcare industry has a large range of connected medical devices, which has increased the attack surface for cybercriminals. Once the Windows 7  end of life (EOL) date arrives, sensitive healthcare data will be vulnerable to security breaches if new software vulnerabilities are disclosed, jeopardizing your organization’s reputation. There are also, of course,  considerable financial risks associated with HIPAA non-compliance. 

The infamous WannaCry Attack of 2017 crippled hundreds of thousands of computers used in hospitals and healthcare practices in the United Kingdom. This cost the National Health Service (NHS) of the UK, 92 million pounds with 19000 appointments being canceled. At the time of the attacks, most of the healthcare units were using unpatched systems, including many running Windows XP and Windows 7. 

So, it is essential for all healthcare providers, including hospitals, clinics, doctors, chiropractors, dentists, psychiatrists, and others, small and big alike, to upgrade both PCs and medical equipment to the latest version of Windows for desktops ⁠— i.e. Windows 10. 

How to Start Your Migration to Windows 10 with Minimum Disruption

Here are a few elements to take into consideration before you begin your migration: 

Will Windows 10 OS run on your current devices?

One of the first steps is to check whether Windows 10 will run on your current computers and medical devices. If not, you might have to purchase new devices to replace the existing ones. 

How to Start Your Migration to Windows 10 with Minimum Disruption

EHR systems are a challenge to implement, maintain and update. Healthcare providers will have to assess the compatibility of their medical records systems with Windows 10. If your old system doesn’t work with Windows 10, you can run your system in compatibility mode by following the procedure here. Or you could upgrade your EHR system. A new or substantially upgraded EHR system is known to work well with the latest version of operating systems.  

Do you have a plan in place to replace or upgrade your PCs and medical devices?

If you don’t have a migration plan in place, now’s the time to implement one. Mass replacement of devices might put your healthcare business on hold. Plan a phased migration to reduce the risks associated with this type of complex undertaking. 

Using an updated operating system and thereby protecting your data is the key to HIPAA compliance. Upgrade to Windows 10 now before it’s too late.  

Hear from our special guest speaker Greg Schulz, Microsoft MVP, and learn about the risks and key considerations associated with Windows 7 migration.

Learn about:

• Security Risks if you Don’t Migrate
• The advantages of Win 10 and Win Server 2019
• Microsoft Software Update Models
• Your Options for Staying or Migrating
• And more

 Webinar Date & Time: Wednesday, 28 August, 2019 at 2pm EDT

 Register Here

The post Is Your Healthcare Organization Prepared for Windows 7 End of Life? appeared first on Kaseya.

It means that there will be no free security patches and updates released by Microsoft. It means that if you keep using Windows 7 and/or Windows Server 2008/R2, you will be at a huge risk of being exploited by cybercriminals if new vulnerabilities are disclosed. It means your company needs to put in the effort, starting now, for a smooth transition to a supported version of the OS- Windows 10 for desktops and laptops.

The Truth About Extended Security Updates

After a lot of customer insistence, Microsoft is offering Windows Extended Security Updates (ESU) starting in January, 2020, but at a cost. Customers can purchase Windows ESUs on a per-device basis until January 2023. In the first year, January 2020 to January 2021, Windows 7 Enterprise updates will cost $25 per device, in the second year, $50 per device, and in the third year $100 per device. The cost is twice as high for the Windows 7 Professional edition. With the price per device doubling every year, this can quickly get expensive for companies operating a large number of devices. 

The ESU program is also available for Windows Server 2008/R2. The price is about 75% of the on-premises license cost annually.

The Microsoft ESU program provides “important” and “critical” security updates, but not technical support after the EOL date. 

Another option is Windows Virtual Desktop on Azure — learn more in our ebook: Windows 7 End of Life is Coming: Don’t Put Your Business at Risk by Not Migrating.

The Repercussions of Continued Use of Windows 7 

You can continue using Windows 7 and Windows Server 2008/R2 after January 2020, but at your own risk, unless you pay for extended security updates. The main reason you might do this is because you have a legacy application that won’t run on the new operating system. In this case, you’ll want to minimize the number of devices that you keep on the EOL Windows platform.

Independent software vendors (ISVs) and hardware vendors are also likely to cease support for Windows 7. New hardware might not be compatible with it and manufacturers might not create hardware drivers for your out-of-date operating system. 

Everyday, new software vulnerabilities are uncovered and new malware is created by cybercriminals. Once Windows 7 and Windows Server 2008/R2 support ends, you can be sure that hackers will be ready to pounce on any new vulnerabilities that are discovered. Without regular OS updates and patches, you will be at the mercy of the cybercriminals. 

Prepare Now for the Inevitable Migration 

Considering the security risks and potentially high costs involved with staying on an unsupported OS, migrating to the latest version of Windows is the recommended path for Windows 7 and Windows Server 2008/R2 users.  

• Replace outdated hardware 

Moving to a new device ensures that you have the latest features with enhanced security and performance. Also, computers that are running Windows 7 are probably several years old and are due for replacement. With the new hardware you will also get the new version of the Windows operating system- Windows 10. 

• Migrate existing devices to Windows 10 

Migrating Windows 7 computers to Windows 10 is a cost-effective option. Companies can do an “in-place upgrade” for their desktops and laptops in many cases. However, Microsoft warns that there is no direct path to upgrade from Windows Server 2008 to Windows Server 2016 and beyond. First, you will need to upgrade to Windows Server 2012 and then to Windows Server 2016 and so on. Also, some older hardware might not be compatible with the new operating system. So, companies might have to assess which systems to be replaced and which to be migrated.

Are you overwhelmed with the task of migrating hundreds or thousands of devices to Windows 10? Stay ahead of the threats and begin your Windows 10 migration journey today.  

Download our eBook Windows 7 End of Life is Coming: Don’t Put Your Business at Risk by Not Migrating to begin a smooth transition to Windows 10. 

Stay tuned for our next blog “How to Prepare for Windows 7 and Windows Server 2008 End of Life”. 

The post What Does End of Life for Windows 7 and Windows Server 2008 Mean for Me? appeared first on Kaseya.