Security insights from ThreatLocker
The deadline for Windows 7 end of life is approaching quickly. With only a few weeks to go, organizations around the world are scrambling for ways to protect themselves, facing the inability to carry out security updates.
Before I approach ways in which you can harden your systems, keep in mind that running unsupported operating systems is dangerous. While these techniques will lower your surface area of attack, no cybersecurity solution can fully replace the need to patch and run supported operating systems.
With that being said, regardless of whether you are running an unpatched or patched operating system, there are ways you can harden your environment.
Enable personal and local firewalls
Many Windows vulnerabilities stem from the RPC protocol. There are several historic vulnerabilities, including EternalBlue, which was exploited in 2017 to spread the extremely damaging WannaCry ransomware. Enabling the Windows Firewall, or a third-party firewall, prevents attackers from reaching the ports they need to exploit these vulnerabilities.
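One way to check that every firewall profile is switched on and blocks inbound traffic by default, as an added example that is not from the original post. It assumes English-language netsh output and PowerShell 2.0 as shipped with Windows 7; the function name Get-FirewallProfileFindings and the sample text are constructed for illustration.

```powershell
# Added example: audit the text printed by "netsh advfirewall show allprofiles".
# Assumes English-language output; avoids syntax newer than PowerShell 2.0.
function Get-FirewallProfileFindings {
    param([string[]]$NetshLines)
    $findings = @()
    $current  = $null          # profile section being read
    foreach ($line in $NetshLines) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]
        }
        elseif ($current -and $line -match '^State\s+(\S+)') {
            # Firewall disabled for this profile: nothing is filtered.
            if ($Matches[1] -ne 'ON') {
                $findings += "$current profile: firewall state is $($Matches[1])"
            }
        }
        elseif ($current -and $line -match '^Firewall Policy\s+(\S+)') {
            # Value looks like "BlockInbound,AllowOutbound"; first part is inbound.
            $inbound = ($Matches[1] -split ',')[0]
            if ($inbound -notlike 'BlockInbound*') {
                $findings += "$current profile: default inbound policy is $inbound"
            }
        }
    }
    return $findings
}

# Constructed sample output (not captured from a real host).
$sample = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
'@ -split '\r?\n'
Get-FirewallProfileFindings $sample
# Live host: Get-FirewallProfileFindings (netsh advfirewall show allprofiles)
# Fix from an elevated prompt: netsh advfirewall set allprofiles state on
#   netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

A default of BlockInbound still honours any enabled allow rules, so review those separately with `netsh advfirewall firewall show rule name=all`.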
Block or Ringfence Internet Explorer
Internet Explorer is the problem child of Microsoft. What was once the world's leading browser is now a security nightmare. Just two months ago, a vulnerability allowed attackers to launch fileless malware attacks with minimal effort. With the constant patching required, it is important to block Internet Explorer from running. This can easily be achieved by using a group policy or ThreatLocker’s Application Whitelisting. If you cannot block Internet Explorer because of legacy sites, use ThreatLocker's Ringfencing. This will block Internet Explorer from accessing any sites that are not explicitly trusted and stop the browser from accessing your documents or interacting with other applications.
Use browsers that are still updated, such as Google Chrome or Edge Chromium.
Block any untrusted applications
Software, whether malicious or poorly written, is often the easiest way to gain access to your systems. Whether it exploits bugs in UAC, encrypts your files, or copies your data, the best way to harden your system is to make sure nothing can run that is not explicitly trusted. Use ThreatLocker Application Whitelisting to easily catalog a list of what can run and block everything else. This will reduce your surface area of attack massively. Application Whitelisting is the gold standard when it comes to blocking malicious software and other software-based threats.
Patch your 3rd Party Applications
Just because Windows cannot be updated does not mean you shouldn’t patch your other third-party applications. Make sure your web browsers and other applications are patched and up to date. Not only will this reduce your surface area of attack, but often these patches fix bugs in your systems.
Control what software can do
Software exploits are one of the biggest causes of breaches. Patching applications is a great way to reduce the risk, but you should also control what these applications can access. Use ThreatLocker Ringfencing to make sure applications, including Windows Apps, Driver Support Apps, Games, and general applications, cannot access your files, make changes to the registry, or even go out to the internet. Controlling applications is a great way to harden your system beyond. Ringfencing effectively kneecapped EternalBlue and stopped WannaCry!
Give your users additional cyber training
We are always at war with cybercriminals, and end-users should be aware of this. Offer your users training on how to be more vigilant and explain to them that with the end of support for Windows 7, the bad guys just got an upgrade to their arsenal!
Join us on our webinar and open discussion on securing Windows 7 post-end-of-life by registering at: https://zoom.us/webinar/register/8015784265553/WN_xwcKDX8NTXG9i1jtRGKP4Q