Will Microsoft provide ESU support for Windows 7/8.1 and Server beyond January 2023?

Update[German]I'll take up a topic that is latently bubbling in the background: Will support for Windows 7 SP1 as well as Windows Server 2008 R2 and Windows 8.1 expire in January 2023? Or will there be a support extension for the Windows 7 track for years 4, 5 and 6 until January 2026? And what about extended ESU support for Windows 8.1 or its server counterparts?


Advertising

January 2023 ist end of support?

On Jan. 14, 2020, Windows 7 SP1 reached its long-announced end of support – and there will be no more security updates by default. However, corporate customers had the option to purchase an ESU license for Windows 7 SP1 to continue receiving security updates between January 2020 to January 2023 at the latest. Microsoft has announced Extended Security Updates support (ESU) as a separate program for corporate customers for this purpose (see Wow! Windows 7 get extended support until January 2023).

The official end of support for Windows 8.1 is also approaching. Users already receive corresponding notices about this event (see Windows 8.1 now shows warnings "end of support in January 2023"). On January 10, 2023, on Microsoft Patchday, this operating system will receive security updates for the last time and will be considered "end-of-life" (EOL) from that point on, as you can read here. The operating system can still be used, but already in February 2023, no more known security vulnerabilities would be closed.

What is ESU?

After Windows 7 SP1 and Windows Server 2008 R2 reached the end of support on Jan. 14, 2020, and no longer received security updates by default, Microsoft offered a support extension. Corporate customers had the option since January 2020 to purchase an ESU license for Windows 7 SP1 and Windows Server 2008 R2 to continue receiving security updates between January 2020 to January 2023 at the latest. Microsoft has announced Extended Security Updates support (ESU) as a separate program for corporate customers for this purpose (see Wow! Windows 7 get extended support until January 2023). However, ESU licenses are only available for certain business variants of the operating systems.

Windows Server 2008 R2: ESU for 4th year

Microsoft's original plan for paid Extended Security Update Support (ESU) for Windows 7 SP1 and Windows Server 2008 R2 was for three years, from Jan. 14, 2020, to Jan. 10, 2023. In November 2021, it was revealed via the Techcommunity post Update: Extended Security Updates for Windows 7 and Windows Server 2008 that Microsoft was extending this ESU support for Windows Server 2008 R2 for another year. It states:

Update 2021.11.05:  For Windows 7 SP1 and Windows 7 Professional for Embedded Systems, the Extended Security Update (ESU) Program will be entering its third and final year of extended support beginning on February 8, 2022 and ending on January 10, 2023.

For Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems if running on Microsoft Azure, ESU will have one additional year of extended support available beginning on February 14, 2023, ending on January 9, 2024.

So those who need to continue running Windows Server 2008 R2 can buy extended support through Microsoft until January 9, 2024. Interesting is a German tweet from blog reader Karl to my old article. He writes that Microsoft still gave Windows Server 2008 R2 an ESU extension so that the Windows Update Catalog and Microsoft VLSC Server are still supported.


Advertising

ESU for Windows Server 2012/R2

Windows Server 2012 and Windows Server 2012 R2will officially receive security updates until October 10, 2023. However, Microsoft has also set up an ESU program for these operating system versions for the years 2024 to 2026 (see End of Support announcement for Windows Server 2012/2012 R2, SQL Server 2012).

Windows Server 2012 R2 EOL

Administrators can also buy ESU licenses in Extended Support according to this website and then also still get security updates until October 13, 2026.

Will there be a Windows 7/8.1 ESU until 2026?

Some readers left comments within my blogs (referencing some internet articles), that they believe, that Microsoft will offer an Extended Security Update Support  for Windows 7 SP1 beyond January 2023 and whether this also comes for Windows 8.1. German blog reader Harald L. has left a comment on August 25, 2022, which I pulled out here (and translated it):

Last night my WSUS synchronized new updates, apparently for an ESU extension. Interestingly not only for Win 7, Server 2008/2008R2 as before but now also for Win 8.1 and Server 2012/2012R2

2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows 8.1 (KB5017220) x64+x86
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows Server 2008 (KB5016891) x64+x86
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows Server 2008 R2 (KB5016892)
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows 2012 (KB5017221)
2022-08 Extended Security Updates (ESU) Licensing Preparation Package for Windows 2012 R2 (KB5017220)
2022-08 Sicherheitsupdate für Windows 7 (KB5016892) x64+x86

The latter for Win7, although completely different named only as "security update" is the same KB number as for Server 2008 R2 and also links to the KB page with the ESU preparation.

To August 26, 2022, the blog reader then added the following information:

Addendum: since today also the Win7 packages are called ESU Licensing Preparation Package in WSUS just like the others with the same KB number.

Something is happening – and I link to this German article from deskmodder.de, who already pointed out in July 2022 that Windows 7 SP1 could possibly get another three years of security updates. Basis is probably a finding of user Aboddi86, who wants to have found in the July 2022 updates for Windows 7 SP1 ESU licenses and keys for the additional years 4, 5 and 6.

However, it should be noted that other than my comments above, I am not aware of any plans to offer ESU support for Windows 7 SP1 and Windows 8.1 beyond January 2023. If I look at the names of the Extended Security Updates (ESU) Licensing Preparation Package files above, they correspond to the ESU support extensions for Windows Server 2008 /R2 and Windows Server /R2 mentioned above. However, it is interesting that the client operating systems Windows 7 SP1 and Windows 8.1 are explicitly mentioned. So it will be an exciting story if Microsoft comes around the corner with something like this in November 2022. If that happens, it will be exciting to see whether there will also be a bypass ESU that normal users can use to install the security updates on the Windows clients.

The 0patch solution

Addendum: I briefly checked with Mitja Kolsek from ACROS Security. They will provide micropatches for the 0patch agent as long as there are security updates for the respective operating systems. Here is the info:

Thanks for reaching out. Our understanding is that Server 2008 R2 will ran additional year of ESU but we didn't hear anything similar for Windows 7. In any case, 0patch will continue providing patches for both for at least one more year, while we're "security-adopting" additional Windows versions as they go out of support. We're currently providing critical security patches for Windows 7, Server 2008 R2, and Windows 10 versions 1803, 1809, 1903, 1909 and 2004, and plan to allow users to stay securely on Windows 10 for a long time to avoid forced (and often costly) migration to Windows 11.

Windows Server 2008/R2 will be covered for at least one year.

Similar articles
Wow! Windows 7 get extended support until January 2023
Windows 7/Server 2008/R2 ESU support for the third year (2022)
Reports about deactivated Windows 7 SP1 systems with ESU Bypass

Windows 7: Buy and manage ESU licenses – Part 1
Windows 7: Preparing for ESU and license activation – Part 2
Windows 7: ESU Activation inEnterprise Environment – Part 3
Windows 7: ESU questions and more answers – Part 4
Windows 7: Securing with the 0patch solution – Part 2
0patch fixes all known and exploitable Windows NTLM/Kerberos vulnerabilities


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Update, Windows and tagged , , . Bookmark the permalink.

9 Responses to Will Microsoft provide ESU support for Windows 7/8.1 and Server beyond January 2023?

  1. P.D. says:

    One word: 0Patch.

    Used it with my win 7 SP! 64, never had a regret. There are an awful lot of people out there getting the $$$haft for ESU's.

    How does 30 euros a year sound?

    Hey, editor, how about some publicity for 0Patch?

    • guenni says:

      Concerning your last sentence. Have you ever tried a search for 0patch within this blog? I guess, you won't find another blog, that has coverered 0patch micro patches more often …

      but I've added an addendum (has been already published within my German article), with a statement from Mitja Kolsek from ACROS Security – we are frequently in touch. And there is now a link in the article list at the post's end, pointing to other 0patch blog articles.

  2. P.D. says:

    Thanks! I appreciate you pointing this out. These old eyes sometimes miss things.

  3. Gregor says:

    I recently visited a DIY store of the Castorama chain and saw that they were still using Windows 7 Enterprise on their computers, would it be too risky for them running this system in December 2022 just one month before ESU ends? So I started wondering if ESU will be extended and apparently it seems so.

    • guenni says:

      It depends – if they are using Win7 without Internet connection, there is no risk. Otherwise, it depends – it the system is still fully patched, I would see it in the same liga as W10.

  4. Advertising

  5. EP says:

    highly doubtful that MS will actually provide ESU support for Windows 7/8.x beyond Jan. 2023

    or they would have already decided that by now since it's already Dec. 2022

    • guenni says:

      I agree with you. What's still open: Will we see security updates for Windows Server 2008 R2 und Windows Server 2012 R2, that can be installed on Windows 7 / 8.1 clients. Both Server OS versions are still in Support for 2023 (2012R2 till October 2023, 2008 R2 on Azure).

  6. Annette says:

    Dont want to be nitpicking since I appreciate all information provided here. However I believe I found a typo:

    "ESU for Windows Server 2012/R2
    Windows Server 2012 and Windows Server 2012 R2will officially receive security updates until October 10, 2023. However, Microsoft has also set up an ESU program for these operating system versions for the years 2024 to 2016"

    Shouldnt it be 2026? with 4 th year or did I miss out on something?

Leave a Reply

Your email address will not be published. Required fields are marked *