[German]Good news for users of Windows 7 SP1 and Windows Server 2008/R2. Support for these operating systems is phasing out, but 0patch plans to continue providing security fixes after the End of Life (EOL).
Support end at January 14, 2020
Windows 7 SP1 and Windows Server 2008/R2 will reach their planned End of Life (EOL) at the beginning of 2020. On January 14, 2020, Microsoft distribute the last security updates for Windows 7 SP1 and Windows Server 2008/R2 to all users. This means that by February 2020 you will be on the safer side when it comes to providing security updates.
What happens afterwards is still a little unclear. Microsoft provides the Extended Security Update Program (ESU) for enterprises Software Assurance. The systems get security updates until 2023. Contrary to earlier plans, this is even free of charge for the companies in the first year.
In addition it could be that patches for Windows 7 Embedded Standards also fit for Windows 7 SP1, because Windows 7 Embedded Standard still gets support until 10/13/2020, and Windows Embedded POSReady 7 has support until 10/12/2021. In addition, I'm not so sure that Microsoft won't provide security updates for large security holes that become known after the EOL. For voting computers, there will be more free Windows 7 updates for 2020, as the following tweet signals.
Summit, Microsoft announced free security updates for certified voting machines running Windows 7 through 2020. #electionsecurityhttps://t.co/DG3OuftVvq
— Tom Burt (@TomBurt45) September 20, 2019
0patch plans fixes for Windows 7/Server 2008/R2
The provider 0patch has announced that it will provide security fixes for Windows 7 SP1 and Windows Server 2008/R2 after the end of support for Windows 7/Server 2008. On askwoody.com you can find the following quote:
After Microsoft ends support for Windows 7 and Windows Server 2008 on January 14, 2020, 0Patch platform will continue to ship vulnerability fixes to its agents.
"Each Patch Tuesday we'll review Microsoft's security advisories to determine which of the vulnerabilities they have fixed for supported Windows versions might apply to Windows 7 or Windows Server 2008 and present a high-enough risk to warrant micropatching"
Micropatches will normally be available to paying customers (Pro – $25/agent/year – and Enterprise license holders). However, Kolsek says that there will be exceptions for high-risk issues that could help slow down a global-level spread, which will be available to non-paying customers, too.
After Microsoft discontinues support for Windows 7 and Windows Server 2008 on January 14, 2020, 0patch will continue to provide fixes for its agents. Every patchday, the company will analyze the vulnerabilities reported by Microsoft and develop micropatches for its patch agent. Typically, this support costs $25 per machine per year for registered users. But 0patch wants to provide important patches free of charge to the general public – as you can see in the following tweet.
Micropatching Keeps Windows 7 and Windows Server 2008 Secure After Their End-Of-Support https://t.co/1TF6HHfwPD pic.twitter.com/oSMHxOpicr
— 0patch (@0patch) September 20, 2019
Details can be found in this blog post by Mitja Kolsek. I mentioned 0patch here from time to time with regard to fixes for which Microsoft or other software vendors did not offer updates (see link list).
Third party 0patch closes FoxIt vulnerability
Micropatch for UNACEV2.DLL vulnerability CVE-2018-20250
Micro Patch for Windows 0-Day file write vulnerability
New Windows 0-day-vulnerability (12/20/2018)
Cookies helps to fund this blog: Cookie settings
I have had a couple of exchanges of views with Mitja Kolsek which persuade me that 0patch is a thoughtful, reputable and competent business.
Your comments about 0patch should encourage more to use its services. I have found 0patch to be light on resources and non-intrusive on what is old (2006) hardware runing Windows 7 Ultimate 64bit . The free version is therefore well worth installing for the occasional possibility of micropatches for critical security vulnerabilities.
Using 0patch in combination with OSArmor 1.4.3 (all protections enabled), Malwarebytes Anti-Exploit and Windows 7's proper ASLR performance and a good AV like AVG or Avast should reasonably ensure Windows 7's integrity BUT while also avoiding using it for critical applications like online banking.
Having a working reliable Windows 7 system is some reserve capability in case Microsoft screws up Windows 10. An update free system has its benefits.