What do I have to do to receive post-EOS Windows Server 2012 micropatches?

mitja.kolsek -

To receive our post-End-of-Support Windows Server 2012 micropatches, you have to:

  1. Apply all official Windows updates to your Windows Server 2012 computer up to October 2023 monthly rollup (KB5031442 for Windows Server 2012, KB5031419 for Windows Server 2012 R2).
  2. Should Microsoft issue any free updates for your system after its end of support, you should also apply these updates (e.g., they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended).
  3. Have an account in 0patch Central (https://central.0patch.com).
  4. Install 0patch Agent on Windows Server 2012 computer you want to protect with 0patch, and register the agent with your 0patch account credentials.
  5. Have a suitable number of 0patch PRO or 0patch Enterprise licenses in your 0patch account.
  6. Allow your 0patch-protected computers to connect to 0patch server for periodic syncing in order for them to receive new micropatches and in order for you to remotely manage them (included in the Enterprise license).

 

Additional explanation on updates you need to have applied

To clarify this requirement, we must explain how our micropatches work: each micropatch we issue is applicable to a specific executable module (usually EXE or DLL), based on that module's cryptographic hash. If we want to micropatch the same vulnerability on two versions of svchost.dll, for example, we need to make two micropatches (i.e., port the micropatch from the one that we patch first, to the other). While such porting is often trivial (but not always), each executable module on any Windows system comes in many versions, with most Windows Updates changing dozens to potentially hundreds of executable modules. To cut down on porting, and more importantly, to minimize the risk of our users not having the correct version of modules we're patching, we want them to have (ideally) identical copies of Windows Server 2012 computers - at least as far as operating system files go. That is why we decided on our above requirement to "Apply all official Windows updates to your Windows Server 2012 computer up to October 2023 monthly rollup". We think this gives us the best chance of unifying all users' computers on a common baseline. Not installing some of the updates might result in some executable modules not being of the same version as those with the latest Rollup, and micropatches for such modules would then not get applied. (Moreover, users would not even know they could have been applied but weren't due to improper version.) 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.