Microsoft to provide free updates for voting systems running Windows 7 through 2020

Microsoft to provide free updates for voting systems running Windows 7 through 2020

Microsoft announced Friday that it will provide free security updates for federally certified voting systems that run Windows 7 through the 2020 elections, delaying the threat of voting taking place on unpatched equipment. 

Microsoft launched Windows 7 in 2009, and committed to providing security updates to all systems running Windows 7 for 10 years. The updates were due to cease as of January for voting equipment running Windows 7, which makes it easier for malicious actors to find cyber vulnerabilities in the machines and interfere in elections.


Prior to Friday’s announcement, Microsoft was planning to provide “extended security updates”  for Windows 7 systems through January 2023, but customers would have to pay a fee for each device that required the updates. 

Tom Burt, the corporate vice president of Customer Security and Trust at Microsoft, announced in a post about the free security updates that Microsoft made this decision in part due to the short amount of time left to update voting systems prior to the 2020 elections.

“As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7,” Burt wrote. “We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process – a process we are working with government officials to update and make more agile.”

The decision by Microsoft came two months after The Associated Press reported that the vast majority of the country’s 10,000 election jurisdictions are running Windows 7 or even older operating systems to “create ballots, program voting machines, tally votes, and report counts.” 

Burt noted on Friday that Microsoft plans to work with voting equipment manufacturers that have sold equipment running Windows 7 to ensure the operating system is successfully updated. 

At least one member of Congress has expressed serious reservations about the unpatched voting systems.

Sen. Ron WydenRonald (Ron) Lee WydenHillicon Valley: Government used Patriot Act to gather website visitor logs in 2019 | Defense bill leaves out Section 230 repeal, includes White House cyber czar position | Officials warn hackers are targeting vaccine supply chain Government used Patriot Act to gather website visitor logs in 2019 Despite veto threat, Congress presses ahead on defense bill MORE (D-Ore.) in July demanded answers from the Election Assistance Commission (EAC) as to how it planned to address what Wyden termed a “looming cybersecurity crisis.”

“Intelligence officials have made it clear that Russian hackers targeted our elections in 2016, and that they expect similar threats in 2020,” Wyden wrote to EAC Chairwoman Christy McCormick. “The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers. This is unacceptable.”

All four EAC commissioners on Friday applauded Microsoft’s announcement, saying in a joint statement that the decision is “welcome news” in light of the upcoming elections.

“Election administrators and advocates had rightly voiced concern that budget limitations would hinder their ability to pay for extended Windows 7 support and could lead to election security challenges,” the EAC commissioners said. “Voters can now cast their ballots with confidence knowing that Microsoft and the election community have worked together to reach a suitable and necessary resolution to this pressing issue.”

The free Windows 7 security updates are part of Microsoft’s Defending Democracy Program, launched in 2018, which aims to protect campaigns from hacking operations, increase transparency of online political advertisements and defend against disinformation campaigns.