Running an Old Version of Windows 10? Update by Oct. 10... Or Else
Users with old versions of Windows 10 should update their devices as soon as possible, as Microsoft has said it will no longer provide them with security and quality updates after tomorrow.
Released in July 2015, Windows 10 was billed as the "last" version of Microsoft's operating system because the new OS was designed to update on an ongoing basis via the cloud. However, users of enterprise-focused versions of Windows 10 can disable automatic updates if they believe those processes might interfere with their business operations.
Meanwhile, researchers with Google's Project Zero have warned that users of Windows 7 and 8 face potential hacking risks because they receive software updates less frequently than do Windows 10 users. The problem stems from "patch diffing," in which hackers noting security fixes for Windows 10 have time to exploit those vulnerabilities on older versions of the OS that have not yet been updated.
In other Windows news, Microsoft executive Joe Belfiore revealed in a series of tweets yesterday that the company is effectively ending its efforts to develop the Windows 10 Mobile platform. While it will continue to provide support and updates for the mobile OS, Microsoft will instead focus on improving how its systems work on the Android and iOS mobile platforms.
Avoid Becoming 'More Vulnerable'
According to a Microsoft support note, users running version 1511 or earlier versions of Windows 10 will stop receiving security and quality updates after tomorrow.
"Since version 1511 was released in November 2015, Microsoft has released additional feature updates that build upon each other, delivering the newest features and more comprehensive security," the note stated. "Windows 10 was designed as a service, whereby feature updates are required a couple times a year. For most consumers, both quality and feature updates are delivered automatically according to their Windows Update settings."
After tomorrow, devices on which those automatic updates have been disabled will still keep working. However, they could become "more vulnerable to security risks and viruses," Microsoft added.
Microsoft said users of Windows 10 Home, Pro, Education, and Enterprise should check to see what version their devices are running. If they're running version 1511 or earlier, they should manually update their devices to the current version, which is the Windows 10 Creators Update rolled out earlier this year. The Fall Creators Update is set to arrive on Oct. 17.
'False Sense of Security'
On Thursday, Google researcher Mateusz Jurczyk published an analysis on the Project Zero blog describing how Microsoft's handling of Windows updates leaves users of some versions more vulnerable to security risks.
"Patch diffing is a common technique of comparing two binary builds of the same code -- a known-vulnerable one and one containing a security fix," Jurczyk said. The same approach can be used to exploit differences between different versions of the same software product, he added.
"One example of such software is the Windows operating system, which currently has three versions under active support -- Windows 7, 8 and 10," he said. "While Windows 7 still has a nearly 50% share on the desktop market at the time of this writing, Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bugfixes only to the most recent Windows platform. This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."
Recent attacks on systems running older operating systems that hadn't been updated have also underscored the importance of keeping software up to date. For example, the widespread WannaCry ransomware attack earlier this year largely affected systems running older versions of Windows that are no longer supported with updates from Microsoft.
Going forward, Microsoft will also stop putting its focus on building new features and hardware for its Windows 10 Mobile operating system, according to Belfiore, a corporate vice president in the company's Operating Systems Group.
"We have tried very hard to incent app devs," Belfiore said in one tweet yesterday. "Paid money... wrote apps 4 them... but volume of users is too low for most companies to invest."
Windows 10 Mobile accounts for only 0.03 percent of the world's mobile OS market, according to the latest figures from the analyst firm IDC. Both Belfiore and Microsoft founder Bill Gates recently revealed they have switched to Android devices, and HP last week announced it plans to stop production of its Elite X3 Windows 10 phone.
Image credit: Product shots by Microsoft.