Advisory ID: NCC-CSIRT-1702-011
Summary: Microsoft will no longer support Windows 10, version 20H2 for enterprise and education in three months, on May 9, 2023. Therefore, these versions of Windows 10 will no longer be receiving security updates to patch critical vulnerabilitie
Vulnerable Platform(s): Windows Operating Systems
Threat Type:
- Vulnerability
Product : Windows 10
Version: Versions 20H2 of Enterprise, Enterprise Multi-Session, Education, and IoT Enterprise Editions.
Description: Windows 10 Enterprise, Enterprise multi-session, Education, and IoT Enterprise were released back in October 2020 and will reach the end of service (EOS) in May 2023. After the EOS date is reached, Windows 10 20H2 devices running Enterprise and Education editions will no longer receive monthly quality or security updates containing bug fixes and patches to protect them from recently discovered security threats.
Consquences: An OS that is no longer supported with patches and security updates will be prone to attacks as any inherent vulnerability that may be exposed will remain untreated. Consequently, it is not recommended that such an OS be in use especially for sensitive functions.
Impact/Probability: CRITICAL/HIGH
Solution :
Those who are still running Windows 10 version 20H2 might think about upgrading utilizing the following options:
- Upgrade to Microsoft’s latest OS – Windows 11 – if your devices meet up with its strict hardware requirements.
- If your hardware does not meet up with the technical requirements for Windows 11, then upgrade to the latest version of Windows 10.
References:
https://learn.microsoft.com/en-US/lifecycle/announcements/windows-10-20h2-enterprise-education-eos
https://www.bleepingcomputer.com/news/microsoft/windows-10-20h2-for-enterprise-reaches-end-of-service-in-may/
https://learn.microsoft.com/en-us/lifecycle/products/?terms=windows
https://support.microsoft.com/en-gb/windows/serviced-versions-of-windows-10-frequently-asked-questions-0543e712-b23e-b6c0-034a-45d7b559ae88