I'll take up a topic that has been quietly bubbling in the background: Will support for Windows 7 SP1, Windows Server 2008 R2 and Windows 8.1 expire in January 2023? Or will there be a support extension for the Windows 7 track for years 4, 5 and 6 until January 2026? And what about extended ESU support for Windows 8.1 or its server counterparts?
January 2023 is end of support?
On Jan. 14, 2020, Windows 7 SP1 reached its long-announced end of support, and since then there have been no more security updates by default. However, corporate customers had the option to purchase an ESU license for Windows 7 SP1 to continue receiving security updates from January 2020 until January 2023 at the latest. Microsoft announced Extended Security Updates support (ESU) as a separate program for corporate customers for this purpose (see Wow! Windows 7 get extended support until January 2023).
The official end of support for Windows 8.1 is also approaching. Users already receive corresponding notices about this event (see Windows 8.1 now shows warnings "end of support in January 2023"). On January 10, 2023, on Microsoft Patchday, this operating system will receive security updates for the last time and will be considered "end-of-life" (EOL) from that point on, as you can read here. The operating system can still be used, but from February 2023 onward, known security vulnerabilities will no longer be closed.
What is ESU?
After Windows 7 SP1 and Windows Server 2008 R2 reached the end of support on Jan. 14, 2020, and no longer received security updates by default, Microsoft offered a support extension. Since January 2020, corporate customers have had the option to purchase an ESU license for Windows 7 SP1 and Windows Server 2008 R2 to continue receiving security updates from January 2020 until January 2023 at the latest. Microsoft announced Extended Security Updates support (ESU) as a separate program for corporate customers for this purpose (see Wow! Windows 7 get extended support until January 2023). However, ESU licenses are only available for certain business variants of the operating systems.
Windows Server 2008 R2: ESU for 4th year
Microsoft's original plan for paid Extended Security Update Support (ESU) for Windows 7 SP1 and Windows Server 2008 R2 was for three years, from Jan. 14, 2020, to Jan. 10, 2023. In November 2021, it was revealed via the Techcommunity post Update: Extended Security Updates for Windows 7 and Windows Server 2008 that Microsoft was extending this ESU support for Windows Server 2008 R2 for another year. It states:
Update 2021.11.05: For Windows 7 SP1 and Windows 7 Professional for Embedded Systems, the Extended Security Update (ESU) Program will be entering its third and final year of extended support beginning on February 8, 2022 and ending on January 10, 2023.
For Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems if running on Microsoft Azure, ESU will have one additional year of extended support available beginning on February 14, 2023, ending on January 9, 2024.
So those who need to continue running Windows Server 2008 R2 can buy extended support through Microsoft until January 9, 2024. Also interesting is a German tweet from blog reader Karl in response to my old article. He writes that Microsoft still gave Windows Server 2008 R2 an ESU extension so that the Windows Update Catalog and Microsoft VLSC Server are still supported.
ESU for Windows Server 2012/R2
Windows Server 2012 and Windows Server 2012 R2 will officially receive security updates until October 10, 2023. However, Microsoft has also set up an ESU program for these operating system versions for the years 2024 to 2026 (see End of Support announcement for Windows Server 2012/2012 R2, SQL Server 2012).
According to this website, administrators can also buy ESU licenses in Extended Support and then still get security updates until October 13, 2026.
Will there be a Windows 7/8.1 ESU until 2026?
Some readers have left comments on my blogs (referencing some internet articles) saying they believe that Microsoft will offer Extended Security Update support for Windows 7 SP1 beyond January 2023, and asking whether this will also come for Windows 8.1. German blog reader Harald L. left a comment on August 25, 2022, which I have pulled out here (and translated):
Last night my WSUS synchronized new updates, apparently for an ESU extension. Interestingly not only for Win 7, Server 2008/2008R2 as before but now also for Win 8.1 and Server 2012/2012R2
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows 8.1 (KB5017220) x64+x86
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows Server 2008 (KB5016891) x64+x86
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows Server 2008 R2 (KB5016892)
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows 2012 (KB5017221)
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows 2012 R2 (KB5017220)
2022-08 Sicherheitsupdate für Windows 7 (KB5016892) x64+x86
The latter for Win7, although named completely differently, only as "security update", has the same KB number as for Server 2008 R2 and also links to the KB page with the ESU preparation.
On August 26, 2022, the blog reader then added the following information:
Addendum: as of today, the Win7 packages are also called ESU Licensing Preparation Package in WSUS, just like the others with the same KB number.
Something is happening, and I link to this German article from deskmodder.de, which already pointed out in July 2022 that Windows 7 SP1 could possibly get another three years of security updates. The basis is probably a finding by user Aboddi86, who claims to have found ESU licenses and keys for the additional years 4, 5 and 6 in the July 2022 updates for Windows 7 SP1.
However, it should be noted that, apart from my comments above, I am not aware of any plans to offer ESU support for Windows 7 SP1 and Windows 8.1 beyond January 2023. If I look at the names of the Extended Security Updates (ESU) Licensing Preparation Package files above, they correspond to the ESU support extensions for Windows Server 2008/R2 and Windows Server 2012/R2 mentioned above. However, it is interesting that the client operating systems Windows 7 SP1 and Windows 8.1 are explicitly mentioned. So it will be an exciting story if Microsoft comes around the corner with something like this in November 2022. If that happens, it will be interesting to see whether there will also be a bypass ESU that normal users can use to install the security updates on the Windows clients.
The 0patch solution
Addendum: I briefly checked with Mitja Kolsek from ACROS Security. They will provide micropatches for the 0patch agent as long as there are security updates for the respective operating systems. Here is the info:
Thanks for reaching out. Our understanding is that Server 2008 R2 will run an additional year of ESU but we didn't hear anything similar for Windows 7. In any case, 0patch will continue providing patches for both for at least one more year, while we're "security-adopting" additional Windows versions as they go out of support. We're currently providing critical security patches for Windows 7, Server 2008 R2, and Windows 10 versions 1803, 1809, 1903, 1909 and 2004, and plan to allow users to stay securely on Windows 10 for a long time to avoid forced (and often costly) migration to Windows 11.
Windows Server 2008/R2 will be covered for at least one year.
Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation in Enterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4
Windows 7: Securing with the 0patch solution – Part 2
0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities