• The trials and tribulations of Windows 7

    #2141832

    PATCH WATCH By Susan Bradley We’re starting the Windows 7 extended-support era … with more than our fair share of confusion. Before I shed some
    [See the full post at: The trials and tribulations of Windows 7]

    • #2141995

      Susan,

      Thank you for your risk assessment report about Windows 7 post support-era.

      About CVE-2020-0738, does it mean that you could get infected while browsing a web page on any browser? If so, it puts the risk at a whole different level than just having to avoid using IE.

      Do you have any mitigation to suggest that doesn’t involve patches?

      The way I see it, there is a very different category of risk using a PC where you need to download a malicious file and execute it to be infected vs just browsing the web and your browser displaying a tainted ad that will infect you without any other intervention.

      A lot of people that consider themselves careful with computers might want to still run Windows 7 with a third-party browser for casual browsing and/or gaming and with nothing of much value on the PC they run it on, but I think it is important they have a good idea of the risk they get exposed to.

      Distinguishing between the different categories of risk and with the knowledge that it is exploited or not seems important.

      • #2142028

        A reading of the NVD report for this vulnerability suggests that it’s the type of exploit that is typically delivered via a phishing e-mail or some other method that requires a specific action by a victim who has been targeted as a result of who they are or whom they work for. In other words, it’s highly unlikely that a random user will chance on this exploit merely by surfing the Web. Things would be different, though, if you are an employee of a large company, or of government.

        Note that the exploitability score is 2.8 on a scale of 10. While no privileges are needed to take advantage of the flaw, it does require user interaction; see the Base Score Metrics for this value and hover the mouse pointer over “Required”.

         

      • #2151324

        I would recommend “casual browsing” on your phone rather than an unpatched Windows 7. Clicking on something one shouldn’t is too easy these days.

        Susan Bradley Patch Lady
