Host OS reaching End of Support
Hazardous (3)
Non-platform specific
- Orca Best Practices
About End-of-Support (EOS) Software
Software products continue to receive updates and bug fixes until they hit their end-of-support (EOS). Vendors usually mark their older software versions as “approaching EOS” and issue a notification with the actual date.
After EOS, the vendor no longer provides any product technical support and isn’t required to fix any vulnerabilities or bugs subsequently discovered.
EOS is typically the last stage of a software’s lifecycle. If it’s approaching EOS, it’s essential to upgrade to a newer, supported version before that date arrives. Failure to upgrade can put your systems at risk of compromise.
Cloud Risk Description
Malicious actors take special interest in discovering EOS software vulnerabilities, as official patches never get released for them. If attackers learn of an exploitable vulnerability, all they have to do is locate a system running the EOS software to execute a successful attack. If the software is fundamental and/or has widespread use (e.g., an operating system), ramifications of an attack can be devastating.
How Can Orca Help?
Orca discovers neglected workloads, i.e., machines running an unpatched or unsupported OS. In addition, Orca alerts you to a host operating system reaching EOS in less than 90 days, as shown in the above screenshot . This enables you to upgrade the OS before the EOS date.
Recommended Mitigation Strategies
-
Once an operating system has been marked for EOS, upgrade to a newer version before the deadline.
-
Use trackers like endoflife.software and upcomingeol.com to monitor software marked as EOS.
Useful Links
- 5 Risks of Using End-of-Life Operating System: https://blog.cloudlinux.com/5-risks-of-using-end-of-life-operating-system
- Benefits of replacing legacy systems in business: https://dynamics.folio3.com/blog/legacy-system/
- End of Life software tracker: https://endoflife.software/
- Upcoming EoL: https://www.upcomingeol.com/
- Products Ending Support in 2021 – Microsoft: https://docs.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2021
- It’s Time to Retire Your Unsupported Things: https://insights.sei.cmu.edu/blog/its-time-to-retire-your-unsupported-things/
Orca Security, the cloud security innovation leader, provides cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.