[German]As of May 11, 2021, several Windows 10 versions are out of support and have reached their End of Life, meaning they will no longer receive security updates in the future. Microsoft recommends upgrading to current Windows 10 builds, but not every user can do that. The security provider ACROS Security has now announced that it will provide security patches for Windows 10 version 1809 for one year. Here is some information on this topic.
End of Support for Windows 10 V1809
I had already mentioned in the blog post Supportende für Windows 10 Version 1803, 1809 und 1909 that the following Windows 10 versions received security updates for the last time on May 11, 2021.
- Windows 10 Version 1803 Enterprise und Education
- Windows 10 Version 1809 Enterprise und Education
- Windows 10 Version 1909 Home und Pro
So End of Support is reached, and users will be forced to upgrade to newer Windows 10 buildy by Microsoft. Only owners of a Windows 10 Enterprise LTSC 2019, that's built on Windows 10 Pro version 1809, will continue to receive security updates. In my German blog a discussion arose as to whether perhaps updates to this LTSC version can continue to be used for existing Windows 10 V1809 installations. I think this is unlikely, but we will have to wait and see.
Windows 10 successor versions with issues
Microsoft did recently remove the last upgrade blockers for Windows 10 versions 2004 and 20H2, as I reported in the blog post Windows 10 V2004/20H2: All upgrade blocks removed (May 2021). However, it remains to be seen whether all versions can be upgraded without any problems. Not every user of a Windows 10 version 1809 installation will therefore enthusiastically want to switch to the successors Windows 10 2004 or 20H2. After all, these versions definitely had their quirks when they were released, as people point out in this article.
0Patch offers another year of security fixes
Due to the issues outlined above, a little note for people who want to continue using Windows 10 version 1809 even though Microsoft is no longer providing security updates. Mitja Kolsek, the founder of ACROS Security, brought the following tweet to my attention.
Apparently, ACROS-Security has also noticed the problems with Windows 10 2004 and 20H2, as well as the desire of some business customers to stay with Windows 10 version 1809. In this post, Kolsek writes of customer inquiries in recent months asking about alternatives to upgrading from Windows 10 version 1809 to successor versions.
With this in mind, Mitja Kolsek has decided to provide security support for Windows 10 version 1809 (build 10.0.17763) for another year via ACROS Security and its 0patch solution. Starting in May 2021, initially for one year, the company will actively collect information about security vulnerabilities affecting Windows 10 version 1809. This will also include vulnerabilities that will be patched by Microsoft in the future in Windows 10 versions that are still supported.
Based on the internal risk criteria, ACROS Security then plans to micropatch Windows 10 version 1809, if affected. These micropatches will be distributed for users of 0patch PRO and Enterprise licenses, along with all other micropatches ACROS Security issues. This means that users who protect their Windows 10 version 1809 with 0patch will also receive our occasional micropatches for "0day" vulnerabilities in various products.
ACROS Security and its 0patch solution are well known, as they provide micropatches for the out-of-support Windows 7 and Windows Server 2008 R2 for a small price. Notes on how the 0patch agent works, which loads the micropatches into memory at runtime of an application, can be found in the blog posts (like here).
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
0patch supports Office 2010 with micro patches after the end of support (EOL)
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library
0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1048 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1015 in Windows 7/Server 2008 R2
0patch for 0-day RCE vulnerability in Zoom for Windows
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability
0patch fixes CVE-2020-1113 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1337 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1530 in Windows 7/Server 2008 R2
0patch fixes Zerologon (CVE-2020-1472) vulnerability in Windows Server 2008 R2
0patch fixes CVE-2020-1062 in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1300 in Windows 7/Server 2008 R2
0patch fixes 0-day vulnerability in Windows 7/Server 2008 R2
0patch fixes CVE-2020-1013 in Windows 7/Server 2008 R2
0patch fixes a Local Privilege Escalation 0-day in Sysinternals PsExec
0patch fixes Windows Installer 0-day Local Privilege Escalation vulnerability
0patch fixes 0-day in Internet Explorer
0patch fixes CVE-2021-26877 in the DNS server of Windows Server 2008 R2
0patch fixes Windows Installer LPE-Bug (CVE-2021-26415)
Cookies helps to fund this blog: Cookie settings