We can't guarantee that. Microsoft's Extended Security Updates (ESU) include Critical and Important security patches for Windows 7 and Windows Server 2008 R2 according to their definition in Microsoft's Security Update Severity Rating System.
Our criteria for micropatching a vulnerability are specified here and are not identical to Microsoft's; while we expect ours and Microsoft's criteria to mostly overlap when it comes to high-risk vulnerabilities, it may happen that we decide not to micropatch some vulnerabilities Microsoft includes in ESU, but also that we do micropatch issues on Windows 7 or Windows Server 2008 R2 that aren't included in ESU.
Furthermore, it may happen that for whatever technical or other reason, we are unable to port a security fix to Windows 7 or Windows Server 2008 R2 as a micropatch (e.g., we may not be able to obtain a proof-of-concept for triggering the vulnerability while the vulnerability is already getting exploited in the wild, or the vulnerability may be in code that can't be micropatched). If that happens for a highly critical vulnerability, we'll provide recommendations for users to mitigate such vulnerability on their computers in some other way.
4 Comments