[German]Still using Windows 7 and interested installing the security updates from February 2020, although support for the operating system in January 2020 has fallen out of support? In this blog post I will outline an overview of several options.
I waited until early March 2020 to see if there were serious vulnerabilities in Windows 7. Currently a Windows 7 system needs the security updates for February 2020 mentioned within the two blog posts below.
- Patchday: Updates for Windows 7/8.1/Server (Feb. 11, 2020)
- Internet Explorer Security Update KB4537767 (Feb. 2020)
If possible, these two updates should be installed on Windows 7 SP1 to protect the system against vulnerabilities.
The status of my ESU system
I have equipped my computer with Windows 7 SP1 Ultimate I use on a daily base with an ESU license for one year. So the system should receive security updates via Windows Update. Unfortunately, this is not the case – although an allegedly valid and activated ESU license is available, there is no sign of automatic security updates. But I'm not alone, some other people are facing the same.
When I run the update troubleshooter for Windows 7, an error is reported, but it cannot be fixed. On the other hand, Windows 7 updates for Microsoft Security Essentials (MSE) via Windows Update are received. I've no clue, why ESU failed partially, and I don't have the nerve to investigate further where the ESU license is now stuck and why Windows Update doesn't find any security updates on the system.
I have solved the situation very pragmatically for this system. Since I did not have installed rollup updates via Windows Update in the past – I use security-only updates – I downloaded the Windows 7 SP1 security-only update KB4537813 and the security update KB4537767 for IE 11 from February 2020 manually from the Microsoft Update Catalog and then also manually installed it. This worked due to the ESU license on that machine.
Update Installation with BypassESU
In forums, some people have posted the tool BypassESU, which is supposed to enable to receive further updates via Windows Update even without an ESU license in Windows 7 SP1. In my German blog there was this discussion on February 12, 2020, dealing with the fact, that older version doesn't work anymore. But the developers have released an updated version that enabled to install the February 2020 updates for Windows 7 SP1.
The colleagues at ghacks.net has an article about BypassESU about this tool. And German site deskmodder.de offers within this article a download link for BypassESU-v5.7z . The .z archive file need to be unpacked (password is 2020) into a local folder. A readme explains how to install. This should allow the update installation to work even without an ESU license.
I have tested this variant on a netbook with Windows 7 SP1 Home. The experience is not really positive.
- While the updates were installed without problems until January 2020, the attempt to install February 2020 Security-only update KB4537813 constantly drops an error message that the Module Installer needs to be updated. The KBs linked in the KB posts did not work because the hotfixes were no longer present.
- Finally I tried the following approach without success and then let Windows Update check for updates. It was an update orgy of sorts, with updates being installed backwards from December 2019 to September 2019. At some point I was able to install the security-only update KB4537813.
For users who like to experiment this is surely a way – for the average user this road it's probably to stony. On Facebook I also received an note from a user telling me that the solution caused issues with autostart, which remained even after uninstalling. I didn't verify that.
Patch Windows 7 without ESU/BypassESU
I got this German comment von Blog-Leser Ralf Lindemann (danke). by blog reader Ralf Lindemann (thanks). The colleagues of German site deskmodder.de have described a solution here to install the updates for February 2020 without BypassESU. An English explanation is available from Martin Brinkman at ghacks.net (see the section 'Our colleagues over at Deskmodder found another option that supports the installation of the latest SSU').
On my netbook I had no success with this attempt because the module installer was reported as outdated. I then took the approach described in the previous section and had success to install the missing security-online updates manually. But I could not say, which of the two solutions outlined here did the trick.
My overall conclusion: Using the ESU approach whether from Microsoft (payed) or the alternative solution, it's a mess. In part 2 I show how I used the 0patch agent to secure a second netbook on which the above solutions with ByPassESU did not work at all (the batch files crashed).
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Wow! Windows 7 get extended support until January 2023
Windows 7: Free Extended Update Support and usage
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation inEnterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
Cookies helps to fund this blog: Cookie settings