Welcome to Part 2 of our new tech series, How to Do More Rewarding Work as an MSP Technician! In part 1, we offered tips on how to improve your task time management and enhance efficiency. Now, we'll focus on a crucial aspect of a technician's work: patching.
Techs can't afford to let patching be an issue—so here are some key tips and considerations to avoid some serious patching headaches.
As an MSP, you know that patches and upgrades can be a continual thorn in your side for your technicians. In 2018, security researchers discovered over 16,000 vulnerabilities in various applications and operating systems. While only a small fraction of those CVEs was ever weaponized, each one needed to be patched—just in case.
This year, MSP technicians are likely to find the problem even worse. That’s because Windows 7 is going end-of-life in January 2020. The sunsetting of Windows 7 will cause security and compliance issues for your clients, and emergence of the BlueKeep vulnerability (and the near-certain emergence of similar issues) will cause difficult ramifications on its own.
Just How Big is the Windows 7 Issue?
With the shortening window (sorry) before Windows 7 goes end-of-life for good, you’d expect a sense of urgency in many businesses. Unfortunately, urgency is in short supply.
- As of January 2019, 3.69% of businesses that use the Windows operating system were still using Windows 7. In fact, it took four years for Windows 10 to beat the popularity of its predecessor.
- In the banking industry, only 50% of ATM vendors and operators are ready to migrate their machines from Windows 7 to Windows 10.
- In the healthcare industry, 70% of computers and medical devices still run Windows 7.
Companies have been slow to upgrade from Windows 7 for a number of reasons—namely, the operating system is stable, attractive, and easy to use. It avoids the perceived missteps of its successor, Windows 8. Most importantly, however, upgrading to Windows 10 can be difficult and slow.
It falls to MSPs to drag their clients out of inertia. There are very good reasons to do this! Leaving aside the immediate security vulnerabilities (more on that later), the issues around compliance are more than enough incentive. Both HIPAA and PCI require covered entities to store their data on secure systems—and an operating system that can no longer receive security updates is by definition insecure.
The Reality of Upgrading from Windows 7
First, let’s be fair to Microsoft—upgrading from Windows 7 to Windows 10 is not that difficult. Business and enterprise users can use multiple well-supported deployment scenarios to get from 7 to 10. Microsoft recommends an in-place upgrade for companies that are upgrading, although some deployment scenarios will force you to use wipe-and-load.
The real issue will arise when it comes time to update the applications that are running on top of the Windows 7 operating system. Some of these applications might not be compatible with Windows 10, which will require the company to purchase a new license or find an alternative. Other applications may require a patch, which means more time added to the upgrade process. What’s more, some of these patches may not work, or may break other dependencies.
In short, the core task of upgrading to Windows 10 may be relatively simple, but the cascade of ancillary patches and upgrades will massively increase the MSP workload.
BlueKeep Vulnerability Advances the Clock on Windows 7 Upgrades
As if the 2020 deadline weren’t enough of an issue, along comes BlueKeep. BlueKeep is a wormable vulnerability that uses a weakness in RPD to allow attackers to execute arbitrary code on Windows 7 desktops and earlier. “Wormable” means than one infected computer can automatically infect another. Since approximately one million systems are vulnerable to BlueKeep, the first hacker that figures out an exploit will be able to cause an incident on roughly the same scale as WannaCry or NotPetya.
The good news is that there is a patch for BlueKeep available right now. We hope you’ve patched already. Although the patch for BlueKeep appears relatively stable, there’s always a chance that a new patch may affect your specific configuration in an unexpected way.
In this happens, you have a dilemma. Do you spend the effort necessary to fix your configuration until it accepts the BlueKeep patch—bearing in mind that you’re patching a system that will become obsolete in a few months? Do you upgrade to Windows 10 ahead of schedule, obviating the need to patch, but generating a lot of extra work for yourself in the process?
Regardless of what you choose now, keep in mind that attackers are hard at work. There will be an exploit for BlueKeep soon—and there’s no guarantee that other deadly Windows 7 zero days won’t also pop up in the very near future.
Automate and Outsource Patch Management to Ease Win7 Headaches
to a dismal scramble over the next six months as they work to lift their clients up to Windows 10. What if there were another way?
By outsourcing patch duties to ad advanced NOC armed with automation tools, MSP technicians can get over the hassle of the Windows 7 upgrade. NOC technicians can help you turn around the work of deploying Windows 10, while automated systems can evaluate patches for dependent applications. In this way, you can perform a valuable service for your clients while giving yourself enough time to work on more interesting and rewarding projects.
The Windows 7 EOL combines all the worst parts of patch management with tight deadlines and outsized consequences. If you’d like to lift yourself out of the mire, download our RMM white paper and learn about how (and why) you should outsource patch management today.
The Continuum platform anticipates and tackles MSPs’ next challenges—enabling them to grow with confidence. Learn more about how to avoid technician agitation, pain and burnout in our new eBook, which you can download here!
By Gretchen Hoffman
By Gretchen Hoffman