Microsoft plans to end support for the company’s operating systems Windows 7 and Windows Server 2008 R2 in January 2020. Enterprise customers may purchase extensions that prolong support by up to three years, and some other exceptions apply that extend official support.
Most businesses and all home customers won’t be able to extend support officially. Security company 0Patch announced on September 21, 2019 that it will step in and “security-adopt” Windows 7 and Windows Server 2008 R2 to create and distribute security patches for these operating system versions after January 2020.
The company has released so-called micropatches before to patch vulnerabilities in Windows and other products, and plans to use the system to provide security updates for Microsoft’s operating systems once support ends officially.
Here is how the company plans on doing this:
- Security updates that Microsoft releases for supported versions of Windows are reviewed to determine which might also apply to Windows 7 or Windows Server 2008 R2. 0Patch determines if the selected issues present a high-enough risk to warrant a security patch.
- Company engineers then inspect the updates to determine if the vulnerability applies to Windows 7 or Windows Server 2008 R2 as well.
- If the vulnerabilities affect these versions of Windows, 0Patch will create a proof of concept for testing, or use an existing one if it has been published by security researchers.
- The engineers will then use Microsoft’s code that patches the vulnerability or code by others to port the fix to the unsupported operating system versions.
The patches are then released by the company, and home users and business administrators may install them on devices still running these versions of the Windows operating system.
The company is working on a centralized system similar to WSUS for large organizations to help with the organization and management aspects of patching a large number of devices.
Firstly, in order for large organizations to be able to use 0patch efficiently, we’re developing a central management service (think WSUS for 0patch, but nice and fast) which will allow admins to organize computers in groups and apply different policies to these groups. Admins will thus be able to set up “testing” groups where new micropatches will be applied immediately, and subsequently have them applied to the rest of their computers with a few clicks (and of course, without users ever noticing anything). Naturally they’ll also be able to un-apply any micropatches just as easily and quickly should they choose to. There will be alerts, graphs, reports, and drill-downs, and the very next step will be an on-premises version of 0patch server which so many organizations are asking for.
Windows 7 and Server 2008 R2 are used on a huge number of systems and there is little doubt that the numbers won’t go down significantly in the coming three months. All home and business systems running these operating system versions will remain unpatched after January 2020, which could be disastrous if malicious actors find vulnerabilities to exploit.
While Microsoft has released patches for unsupported versions of Windows before, the company has done so rarely and only for high-profile security issues.
Businesses and home users have multiple reasons for staying on Windows 7, at least for the time being. These customers may benefit from the patches that 0Patch plans to release once support runs out officially.
Relying on a third-party company to patch an operating system requires a level of trust. It is going to be interesting to see how 0Patch will handle the gigantic task and how it plans to address bugs and issues that are caused by the patches that it puts out.