Microsoft: Free Windows 7 security updates for 2020 election

Windows 7

Microsoft said Friday it will offer free security updates through the 2020 election in the United States—and in other interested democratic countries with national elections next year—for federally certified voting systems running on soon-to-be-outdated Windows 7 software.

An Associated Press analysis previously found that the vast majority of 10,000 election jurisdictions in the U.S. use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.

Windows 7 reaches its "end of life" on Jan. 14, meaning Microsoft stops providing free technical support and producing "patches" to fix software vulnerabilities, which hackers can exploit. Cash-strapped election officials are scrambling to address this issue and what's essentially a one-year extension on additional costs.

The promise of free updates does not address the cost of putting them in place or the time and cost of certifying such changes to a voting system. Fixing a new vulnerability requires that the companies resubmit the voting system for recertification, which can take weeks or even months.

At a U.S. Election Assistance Commission forum last month, Microsoft's Ginny Badanes, who heads its Defending Democracy Program, said that election administrators should not be forced to make the difficult choice of "using election systems with known vulnerabilities or applying security patches and, in so doing, taking their systems out of certification."

The commission develops voting system guidelines.

In a blogpost Friday, Microsoft's vice president for security and trust, Tom Burt, said the company is working with government officials to try to streamline the lengthy certification process.

Even if that happens, making the fixes is still difficult because election systems cannot legally be changed, for example, while administering military absentee ballots 45 days before the election.

"If an important patch comes out three to four weeks before an election, it causes us to wait to implement because we can't interfere in the election process that is already in motion," said Louisiana's top election official, R. Kyle Ardoin, at the commission forum.

The commission, in a statement, praised Microsoft's move.

"Election administrators and advocates had rightly voiced concern that budget limitations would hinder their ability to pay for extended Windows 7 support and could lead to election security challenges," the commission said. "Voters can now cast their ballots with confidence."

Maria Dill Benson, a spokeswoman for the National Association of Secretaries of State, said in an email that "receiving this support will be a huge help to many."

Critics say the situation is an example of what can happen when private companies, with commercial interests, ultimately determine the security of election systems with a lack of federal requirements or oversight.

Kevin Skoglund, chief technologist for Citizens for Better Elections, said the extension of support was helpful, but did not address the larger issues of the slow certification process and eventual labor costs.

Nor, he said, does it "change the fact that scarce federal, state, and local dollars are being spent on nearly-expired software."

ES&S, the nation's largest voting systems vendor, does not have a federally certified voting system with the latest, Windows 10 operating system on the market. Such a system was recently submitted for federal certification.

Spokeswoman Katina Granger said in a statement that the company was pleased by the free security updates and "will be communicating soon with our customers on the distribution of any updates."

Explore further

Expert: Many Wisconsin elections clerks use outdated systems

© 2019 The Associated Press. All rights reserved.

Citation: Microsoft: Free Windows 7 security updates for 2020 election (2019, September 20) retrieved 14 October 2019 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Sep 20, 2019
Yes, but consider the alternatives.

a) develop your own operating system, API, ABI, etc. which is full of holes and bugs that take N iterations to close up.

b) use some of the open source OS systems like Linux, which you then have to audit anyways to see if there are any obvious security holes, which you may miss, where the source code you're using is visible to everyone else as well - so if you miss a security hole, others might not.

c) hire competent engineers who can actually implement a simple voting machine without relying on commercial OSs to provide the high level functionality , since these are effectively single-purpose machines that don't need to run a web server and a JAVA virtual machine to display a simple selection menu.

Option C would be the only viable alternative to using Windows, but practically speaking, there are no such engineers available on the market.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more