Let’s keep in touch! Join me on the Javier Tiniaco Leyba newsletter 📩

What is End Of Life (EOL) in Software?

End Of Life (EOL) in software refers to the phase when a developer or vendor officially ceases to provide updates, support, or security patches for an application or operating system, making it obsolete and often risky to use.

Software EOL definition

EOL means that a developer or manufacturer ends support for a product, discontinuing updates, bug fixes, and technical assistance. This marks the last point in the software lifecycle, after which the product is considered outdated and vulnerable. Sometimes EOL is preceded by “End Of Support” (EOS), when only security updates might be provided for a limited time.

Software EOL examples

All kinds of software can reach EOL: operating systems, programming languages, PC applications, mobile applications, firmware, ERPs…

  • Windows 7: January 14th, 2020
  • Windows Server 2008: January 14th, 2020
  • CentOS 6: November 30, 2020
  • Debian 9: July 1st, 2022
  • Magento 1: June 30, 2022
  • Adobe Flash Player: December 31, 2020
  • Internet Explorer (IE11): June 15, 2022
  • Ubuntu 16.04 LTS: April 30, 2021
  • macOS Mojave: November 30, 2021
  • Python 2.7: January 1, 2020
  • Windows 10 (all editions): October 14, 2025
  • Windows 11 (Version 22H2): October 14, 2025
  • Windows 11 (Version 23H2): November 11, 2025
  • Windows Server 2023 Annual Channel (23H2): October 24, 2025
  • Microsoft Office 2016 & 2019: October 14, 2025
  • Exchange Server 2016 & 2019: October 14, 2025
  • FortiOS 7.0: September 2025
  • Ubuntu 20.04 LTS: April 23, 2025
  • Visual Studio App Center: March 31, 2025

What are the drivers behind software EOL?

Software reaches EOL due to several key factors:

  • Technological advancements: new software releases make older versions obsolete.
  • Market changes: shifts in user demands or emergence of better solutions.
  • Maintenance costs: it becomes costly or impractical to maintain old software.
  • Vendor strategy: companies might shift focus or resources away from legacy products.

Together, these factors push businesses to transition to more secure, efficient, and modern solutions over time.

Why does software EOL matter?

Software EOL matters because continuing to use unsupported products exposes organizations to security vulnerabilities, compliance risks (especially in industries with strict regulations such as finance or healthcare), and operational inefficiencies, including integration problems and a lack of new features. Attackers often target EOL systems, as seen in the 2017 WannaCry attack against Windows XP.

A major issue caused by criminals exploiting EOL software

The 2017 WannaCry attack is a textbook example of how End Of Life (EOL) software can be exploited due to unpatched vulnerabilities, with the ransomware targeting outdated Windows operating systems — especially Windows XP, which was no longer supported by Microsoft at the time.

How WannaCry Targeted EOL Software

WannaCry leveraged the “EternalBlue” exploit against a flaw in Microsoft’s SMB protocol. While Microsoft had already issued a patch (MS17-010) for supported systems in March 2017, many machines running EOL versions such as Windows XP and Windows Server 2003 did not receive the update. As a result:

  • Criminals were able to gain access and install the ransomware worm.
  • Because support was discontinued, there was “no way to remediate” the vulnerability promptly on those EOL systems.
  • WannaCry spread rapidly across networks, encrypting files and demanding ransom payments.

Impact of the WannaCry Attack

Over 200,000 computers across 150 countries were affected, including critical infrastructure and healthcare systems.

One of the hardest-hit organizations was the UK’s National Health Service (NHS), which suffered operational shutdowns, ambulance diversions, and canceled appointments — costing an estimated £92 million.

Other major corporations affected included Nissan, Renault, Telefónica, FedEx, and Deutsche Bahn.

The global damage from WannaCry is estimated at $4 billion in financial losses.

Most of the infections occurred because organizations continued to use unsupported EOL systems without proper patches or mitigation strategies, demonstrating the severe risk of relying on obsolete software for essential operations.

Key Lesson

The WannaCry incident highlights why abandoning EOL systems is vital: once support ends, newly discovered vulnerabilities will not be fixed, making the software a prime target for cybercriminals and jeopardizing critical business, healthcare, and government functions.
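Acting on this lesson starts with knowing which assets are already past EOL. The following is an added example, not part of the original article: a small inventory audit that checks a constructed asset list against a subset of the EOL dates listed earlier on this page. The host names, the `audit` function, the 180-day warning window and the evaluation date are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# EOL dates copied from the list earlier on this page (a subset).
EOL_DATES = {
    "windows 7": date(2020, 1, 14),
    "windows server 2008": date(2020, 1, 14),
    "centos 6": date(2020, 11, 30),
    "debian 9": date(2022, 7, 1),
    "python 2.7": date(2020, 1, 1),
    "ubuntu 20.04 lts": date(2025, 4, 23),
    "windows 10": date(2025, 10, 14),
}

# Constructed sample inventory (hypothetical hosts), not real data.
SAMPLE_INVENTORY = """host,product
hr-laptop-01,Windows 10
build-01,CentOS 6
web-02,Ubuntu 20.04 LTS
legacy-app,Python 2.7
db-01,Debian 12
"""

def audit(inventory_csv, today, warn_days=180):
    """Return (host, product, status, days_to_eol) rows, most overdue first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        eol = EOL_DATES.get(rec["product"].strip().lower())
        if eol is None:
            # Not in the table: report it, never assume it is supported.
            rows.append((rec["host"], rec["product"], "UNKNOWN", None))
            continue
        days = (eol - today).days  # negative once the EOL date has passed
        if days < 0:
            status = "EOL"
        elif days <= warn_days:
            status = "EOL_SOON"
        else:
            status = "SUPPORTED"
        rows.append((rec["host"], rec["product"], status, days))
    # Known dates sort ascending (most overdue first); unknowns go last.
    rows.sort(key=lambda r: (r[3] is None, r[3] if r[3] is not None else 0))
    return rows

if __name__ == "__main__":
    for host, product, status, days in audit(SAMPLE_INVENTORY, date(2025, 6, 1)):
        print(f"{status:<10} {host:<14} {product:<18} {days}")
```

Products missing from the table are reported as UNKNOWN rather than treated as supported, so gaps in the EOL data show up as work to do instead of silently passing the audit.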
