
Duke University Unsupported OS Quarantine UPDATE

By: John Straffin

(tl;dr: Windows 7/2008/R2 quarantines delayed to February 11, 2020. Pre-existing EOL OS quarantines to start July 31, 2020. We still have a lot of work ahead.)

Instead of the previously announced date of January 30, 2020, quarantines of Windows 7/2008/R2 devices from the Duke University network will now begin on *February 11, 2020*. This rescheduling is based on two factors:

  1. The true threat to Windows 7/2008/R2 will come on the “Patch Tuesday” *after* the EOL date for the OSes, which is this next “Patch Tuesday” on February 11. That is when Microsoft ostensibly releases patches for vulnerabilities in *supported* versions of Windows, and individuals will then look for the same vulnerabilities in *unsupported* versions of Windows, likely finding that some do indeed exist and can be exploited.
  2. The previous ITSO policy regarding quarantines of Windows XP/2003/R2 from the Duke University network was scheduled using this same logic.

Please note that the ITSO reserves the right to immediately quarantine devices running unsupported operating systems if a vulnerability of significant severity is announced before the scheduled quarantine date.

In addition, as hinted at previously, quarantines for operating systems that have already reached EOL (but had not been widely discussed) will start on July 31, 2020. This allows six months to plan and remediate these older unsupported operating systems over the summer before the Fall Semester starts in August.

As promised in last week’s Endpoint Management Meeting, below is the information from the slide presentation with numbers and dates for both currently and soon-to-be unsupported operating systems on the Duke University network. The numbers are from January 16, but they likely haven’t changed much since then (in fact, due to reporting changes, some have gone *up*!). We’ve cleaned up a few discrepancies and added quarantine dates to the slide information.

SLIDES:
=====
Unsupported Operating Systems
It’s worse than you think. O_O
#srsly
=====
Unsupported NOW (Quarantine Date: February 11, 2020)
– 558 Windows 7 devices
– 97 Windows Server 2008/R2 devices
– Viewable as “running an unsupported Operating System” in your Planisphere Dashboard right now.
=====
ALSO Unsupported NOW (Quarantine Date: July 31, 2020)
– 10 Windows XP/Vista devices
– 98 Fed29/RHEL5/Deb8/Ubu14 and older
– 262 Windows 10 (1511), (1607), (1703), Home/Pro (1709), Home/Pro (1803)
– 1035 macOS 10.12 and older
– ALSO viewable as “running an unsupported Operating System” in your Planisphere Dashboard right now.
=====
Unsupported in 2020 (Quarantine Date: Approximately 30 Days After EOL)
– 281 Windows 10 Enterprise (1709) (14 April, Quarantine: 12 May)
– 160 Windows 10 Home/Pro (1809) (12 May, Quarantine: 9 June)
– 1036 macOS 10.13 (End of September-ish, Quarantine: End of October-ish)
– 2090 Windows 10 Enterprise (1803) (10 November, Quarantine: 8 December)
– 785 Windows 10 Ent/Home/Pro (1903) (8 December, Quarantine: 12 January 2021)
– ALL THE LINUX 6s!!! (763) (30 November, Quarantine: 31 December)
=====
Unsupported in 2021 (Quarantine Date: Approximately 30 Days After EOL)
– 2916 Windows 10 Enterprise (1809) (11 May)
– 94 Windows 10 Home/Pro (1909) (Also 11 May)
– 74 Ubuntu 16.04 (25 April)
– 3058 macOS 10.14 (End of September-ish)
=====
So, What NOW?!
– Finish Windows 7/2008/R2 efforts
– Start “catch-up” efforts with older OSes
– ALSO Start on Win10 (1709), macOS 10.13, Linux 6
– BE READY to keep this up. Windows and macOS OSes should be upgraded EVERY TWO YEARS.
=====
DISCUSSION POINTS AFTER SLIDES:
– With Windows XX09 builds on a 30-month support cycle and macOS on a 36-month support cycle–both starting in or around early October–IT groups should get used to upgrading 27-month-old OSes starting in January. Whether IT groups install the new 3-month-old OS (allowing for a two-year refresh cycle) or the tested 15-month-old OS (requiring a one-year refresh cycle) is up to them. Participating in the Apple Beta program or Windows Insider program can give IT groups time to test *before* the new OS is released.
– ALL Windows 10 Home/Pro builds have an 18-month support cycle. ALL Windows 10 Enterprise XX03 builds have an 18-month support cycle. Unless IT groups are prepared to commit to a one-year refresh cycle for even a subset of their devices, *nobody* should be installing (or leaving installed) Windows 10 Home/Pro or Windows 10 Enterprise XX03 builds in general production.
– We’re working on a way to get “warning” information in Planisphere, but in the meantime, please reference the above schedule, which shouldn’t change much if at all.
=====
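
The Windows quarantine dates in the 2020 slide each fall on the first Patch Tuesday after the build's EOL date, the same reasoning given above for February 11. The following Python is an added example, not ITSO or Planisphere code: it computes that date and lists builds whose quarantine is coming up. The function names are hypothetical, and the rows are the counts and EOL dates copied from the slide.

```python
from datetime import date, timedelta

def patch_tuesday(year: int, month: int) -> date:
    """Return the second Tuesday of the month (Microsoft's Patch Tuesday)."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7  # weekday(): Monday=0, Tuesday=1
    return first + timedelta(days=to_first_tuesday + 7)

def quarantine_date(eol: date) -> date:
    """First Patch Tuesday strictly after the EOL date."""
    year, month = eol.year, eol.month
    while True:
        candidate = patch_tuesday(year, month)
        if candidate > eol:
            return candidate
        # EOL fell on or after this month's Patch Tuesday: try the next month.
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)

# (build, device count, EOL date) as listed in the "Unsupported in 2020" slide.
WINDOWS_2020 = [
    ("Windows 10 Enterprise (1709)", 281, date(2020, 4, 14)),
    ("Windows 10 Home/Pro (1809)", 160, date(2020, 5, 12)),
    ("Windows 10 Enterprise (1803)", 2090, date(2020, 11, 10)),
    ("Windows 10 Ent/Home/Pro (1903)", 785, date(2020, 12, 8)),
]

def upcoming_quarantines(rows, today: date, warn_days: int = 30):
    """Return (build, count, quarantine date) for builds due within warn_days."""
    due = []
    for build, count, eol in rows:
        q = quarantine_date(eol)
        if today <= q <= today + timedelta(days=warn_days):
            due.append((build, count, q))
    return sorted(due, key=lambda row: row[2])

if __name__ == "__main__":
    for build, count, eol in WINDOWS_2020:
        print(f"{build}: EOL {eol}, quarantine {quarantine_date(eol)} ({count} devices)")
    print(upcoming_quarantines(WINDOWS_2020, today=date(2020, 5, 1)))
```

The macOS and Linux rows in the slides use end-of-month dates rather than Patch Tuesdays, so they are left out of this calculation.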

Thanks! Let us know if you have any questions or concerns.
