What do I have to do to receive post-EOS Windows 7 and Windows Server 2008 R2 micropatches?

Mitja Kolsek -

To receive our post-End-of-Support Windows 7 and Windows Server 2008 R2 micropatches, you have to:

  1. Make sure to update Internet Explorer to version 11 and have it fully updated.
  2. Apply all official Windows updates to your Windows 7 and Windows Server 2008 R2 computers up to the latest ones (or the January 2020 monthly rollup, KB4534310, which includes both latest security fixes and all past security and non-security fixes), and also any subsequent updates that Microsoft may issue (like they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended).
  3. Install 0patch Agent on each Windows 7 and Windows Server 2008 R2 computer you want to protect with 0patch, and register these agents with your 0patch account.
  4. Have a suitable number of 0patch PRO or 0patch Enterprise licenses in your 0patch account.
  5. Allow your 0patch-protected computers to connect to 0patch server for periodic syncing in order for them to receive new micropatches and in order for you to remotely manage them (included in the Enterprise license).


Additional explanation on updates you need to have applied

To clarify this requirement, we must explain how our micropatches work: each micropatch we issue is applicable to a specific executable module (usually EXE or DLL), based on that module's cryptographic hash. If we want to micropatch the same vulnerability on two versions of svchost.dll, for example, we need to make two micropatches (i.e., port the micropatch from the one that we patch first, to the other). While such porting is often trivial (but not always), each executable module on any Windows system comes in many versions, with most Windows Updates changing dozens to potentially hundreds of executable modules. To cut down on porting, and more importantly, to minimize the risk of our users not having the correct version of modules we're patching, we want them to have (ideally) identical copies of Windows 7 computers - at least as far as operating system files go. That is why we decided on our above requirement to "Apply all official Windows updates to your Windows 7 and Windows Server 2008 R2 computers up to the latest ones". We think this gives us the best chance of unifying all users' computers on a common baseline. Not installing some of the updates might result in some executable modules not being of the same version as those with the latest Rollup, and micropatches for such modules would then not get applied. (Moreover, users would not even know they could have been applied but weren't due to improper version.) 

Have more questions? Submit a request


Please sign in to leave a comment.