January 2020 is a looming date for a lot of businesses, especially those that are in regulated industries. Unfortunately, on the exact opposite side are those that are excited at the increased odds of compromising your systems.
During our penentration tests, we scan for these outdated systems and validate we can compromise them. Why do we do this if it’s already known we can compromise them? By demonstrating the ability to escalate privileges or laterally move in the network using these unsupported/outdated systems, we make a greater impact on explaining the risk of the vulnerability. This is one of the easiest ways an attacker can gain a foothold in a corporate environment.
Microsoft is offering an extended support plan, for a price of course. We also don’t know just how much support it’s going to get and if it will receive timely security patches as additional vulnerabilities are discovered.