[German]Microsoft released an updated version of its ESU update KB4538483 for Windows 7 SP1 and Windows Server 2008 R2 on May 5, 2020. Here is some information about what you need to know.
What is the ESU update KB4538483 for?
Update KB4538483 is for enterprise users of Windows 7 SP1 and Windows Server 2008 R2 who want to continue to receive security updates as part of the Extended Security Update Program after the support period ends on January 14, 2020.
I had reported here in the blog in more detail about this Extended Security Update Program, which is subject to a fee and only available for corporate customers (see links at the end of the article).
Details about ESU Update KB4538483
Update KB4538483 (Extended Security Updates (ESU) Licensing Preparation Package) is available for Windows 7 SP1 and for Windows Server 2008 R2 SP1. Microsoft writes about the purpose of the package:
This update provides the complete set of licensing changes to enable installation of the ESU MAK add-on key, which is one of the steps to prepare for installation of Extended Security Updates.
This means that the update will enable Windows 7 SP1 and Windows Server 2008 R2 SP1 to activate purchased ESU MAK keys so that you can continue to obtain and install Extended Security Updates via Windows Update, WSUS, or the Microsoft Update Catalog. Currently, however, I'm not sure what exactly Microsoft changed in the release of May 5, 2020 (the KB article was even updated to May 8, 2020). Let's see if my ESU machine can finally get security updates automatically via Windows Update after installing this patch.
How to get the ESU update KB4538483
It is important that Update KB4538483 is not distributed through Windows Update. For stand-alone systems, administrators must download the appropriate package for the Windows machine from the Microsoft Update Catalog and install it manually. Those who distribute their Windows machines through Windows Server Update Services (WSUS) can also distribute the update through this channel. After installation, a reboot is required in any case.
What you should know else
Update KB4538483 will not work unless an ESU key is present on the machine. Regarding the ESU key, Microsoft says:
- If the ESU key was previously successfully installed and activated on a Windows 7 SP1 client, you do not need to reinstall or reactivate the ESU key after you apply this update.
- If the ESU key was previously successfully installed and activated on your Windows Server 2008 R2 SP1 device, administrators might need to reactivate it.
To install this update, you must have the SHA-2 Update KB4474419, dated September 2019, and the Servicing Stack Update (SSU) KB4490628, dated March 12, 2019. Further details can be found in the support articles KB4538483 and KB4522133. There you can also find the note that Microsoft recommends to install the latest SSU (that would be KB4490628 at the moment) after installing KB4490628.
Users of Windows 7 SP1 who did not purchase an ESU license can rely on the ByPassESU solution (see Windows 7: Forcing February 2020 Security Updates – Part 1). The colleagues from deskmodder.de writes that the purchase of security updates with BypassESU-v6 (password 2020) still works. Details about this approach can be found in this article at deskmodder.de.
Wow! Windows 7 get extended support until January 2023
Windows 7: Free Extended Update Support and usage
Windows 7 Extended Security Updates (ESU) requirements
Windows 7 Extended Security Update (ESU) program available
Windows 7 Extended Security Updates (ESU) program, price and source for SMEs
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation inEnterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Cookies helps to fund this blog: Cookie settings