What do I have to do to receive post-EOS Windows 7 and Windows Server 2008 R2 micropatches?

Mitja Kolsek -

To receive our post-End-of-Support Windows 7 and Windows Server 2008 R2 micropatches, you have to:

  1. Make sure to update Internet Explorer to version 11 and have it fully updated.
  2. Apply all official Windows updates to your Windows 7 and Windows Server 2008 R2 computers up to the latest ones, including all optional/recommended updates.
    1. No ESU: If you never had access to Extended Security Updates, this means the January 2020 monthly rollup (KB4534310), which includes both latest security fixes and all past security and non-security fixes).
    2. ESU Year 1: If you were using Extended Security Updates, but only the first year, this means the January 2021 monthly rollup (KB4598288).
    3. ESU Years 1 and 2: If you were using Extended Security Updates, but only the first and the second year, this means the January 2022 monthly rollup (KB5009610).
    4. ESU Years 1, 2 and 3: If you were using all three years of Extended Security Updates, this means the January 2023 monthly rollup (KB5022338).
  3. Should Microsoft issue any free updates for your system after its end of support, you should also apply these updates (e.g., they have issued EternalBlue and BlueKeep updates for Windows XP and Windows Server 2003 after their support had ended).
  4. Have an account in 0patch Central (https://central.0patch.com).
  5. Install 0patch Agent on each Windows 7 and Windows Server 2008 R2 computer you want to protect with 0patch, and register these agents with your 0patch account credentials.
  6. Have a suitable number of 0patch PRO or 0patch Enterprise licenses in your 0patch account.
  7. Allow your 0patch-protected computers to connect to 0patch server for periodic syncing in order for them to receive new micropatches and in order for you to remotely manage them (included in the Enterprise license).

 

Additional explanation on updates you need to have applied

To clarify this requirement, we must explain how our micropatches work: each micropatch we issue is applicable to a specific executable module (usually EXE or DLL), based on that module's cryptographic hash. If we want to micropatch the same vulnerability on two versions of svchost.dll, for example, we need to make two micropatches (i.e., port the micropatch from the one that we patch first, to the other). While such porting is often trivial (but not always), each executable module on any Windows system comes in many versions, with most Windows Updates changing dozens to potentially hundreds of executable modules. To cut down on porting, and more importantly, to minimize the risk of our users not having the correct version of modules we're patching, we want them to have (ideally) identical copies of Windows 7 computers - at least as far as operating system files go. That is why we decided on our above requirement to "Apply all official Windows updates to your Windows 7 and Windows Server 2008 R2 computers up to the latest ones" and "including all optional/recommended updates". We think this gives us the best chance of unifying all users' computers on a common baseline. Not installing some of the updates might result in some executable modules not being of the same version as those with the latest Rollup, and micropatches for such modules would then not get applied. (Moreover, users would not even know they could have been applied but weren't due to improper version.) 

Have more questions? Submit a request

2 Comments

  • 0
    Avatar
    nasasvcs

    I've disabled Internet Explorer using "Turn Windows features on or off". Must Internet Explorer still be installed for 0patch to operate successfully?

  • 0
    Avatar
    Mitja Kolsek

    Hi nasasvcs, 0patch does not need Internet Explorer to operate.

Please sign in to leave a comment.