However, most companies seem to be in no hurry to drop the no-longer-supported Microsoft operating system, according to a poll by the content delivery company.
Microsoft has been trying to herd users to Windows 10 since it made the 'end of life' announcement last year; however, Google believes some companies may still be running Windows 7 or be in mid-transition. Don't expect any patches or help from Microsoft if any issues arise.
He added that revealing the news is more interesting than the bug itself and speculated as to why the security organisation chose to reveal this information.
Microsoft urges customers to purchase a full version of Windows 10 Home - prices start from $A225.00 - or to purchase a new PC which includes the operating system as standard.
"If it's been a long time since you bought a new computer it may not make sense to install $170 worth of software on a computer that is five to seven years old", Saltzman said.
It can hardly have escaped your attention that yesterday was the day Microsoft stopped supporting Windows 7. Businesses that still decide to keep Windows 7 will be able to get updates, but it will cost them. Even more so than others.
As a way of warning users and promoting Windows 10 at the same time, Microsoft installed a program called EOSNotify in the December Windows 7 KB4530734 Monthly Rollup.
Details: The vulnerability was rated "important", Microsoft's second highest rating, because exploiting it requires user interaction. Other issues besides the vulnerability discovered by the NSA can be found in the Security Guidance list for January 2020.
The NSA is advising organisations to apply the latest patches immediately or, at the very least, to prioritise systems that host critical infrastructure like DNS servers, VPN servers, or domain controllers.
Microsoft has been warning users for months it would cease support on January 14, even with a third of all personal computer users still running Windows 7. A National Security Agency advisory indicates that the vulnerability could also be used for man-in-the-middle attacks against secure HTTP (HTTPS) connections and to spoof signed files and emails.
If left unpatched, a sophisticated attacker could use the vulnerability to fake digital certificates that are used as part of encrypted communications within Windows, according to Microsoft and the NSA.
The patches address the vulnerability CVE-2020-0601 in the user-mode cryptographic library, CRYPT32.DLL, that affects Windows 10, Windows Server 2016 and Server 2019 systems.