It has been a slow and painful death for IE 10, and now it appears Microsoft has decided to drive the final nail in the coffin of this often despised web browser.
The phrase I think you need to focus on in this article is “end of life”. The Cisco router in question was end of life and therefore no longer capable of receiving security updates or patches*. No level of diligence by downstream corporations or government agencies can defend against upstream entities running out-of-date and indefensible network components… or can they? A mandatory vulnerability scan or penetration test against the vendor network in question would have revealed this weakness.
Two pieces of advice this morning:
- Maintain your hardware and software investments. IT spends are not forever. Hardware must be updated on a regular basis based on manufacturer support standards. Software must be upgraded and regularly patched. Do not roll the dice. They always eventually come up snake eyes.
- Hold your vendors to a reasonable IT security standard. Require and review periodic testing. Build enforceable language into your contracts and SLAs. You are only as strong as the weakest link in your supply chain!
*Point of clarification – Thank you to @MrJeffMan for reminding me that “end of life” technically means that patches and updates are no longer being developed. Previously developed updates can be applied and special (often expensive) extended support options are often available for purchase.
No one can say that they did not know this was coming, but I must admit I am excited that the light at the end of the tunnel is visible. We are getting closer to a day when this patch management nightmare will be over. Rest in peace, Adobe Flash… as soon as possible.
This should not come as a surprise to many of you, but we can all use this as a friendly reminder to evaluate all of our legacy systems and plan accordingly for decommissioning and replacement.
The death of SHA-1 is closer than you may think. Time to prepare and move forward.
EMET has been an important security tool for admins supporting older Windows OS versions and to see its end of life drawing near concerns me. This has the feel of another play to guide/force more users to Windows 10.
If you did not see this coming with Internet Explorer, given the all but forced upgrade process for Windows 10, then you were lying to yourself. I am especially surprised to see the complete abandonment of Windows 8.
This is a strong summary of the pitfalls associated with continuing to run Windows Server 2003 after the July deadline. Upgrading is an absolute necessity from a security and/or compliance perspective.