New Win7 Extended Security Updates licensing package

Topic

New Reply

Yesterday Microsoft released a new Licensing Prep package for those of you who are paying for Windows 7 Extended Security Updates. Per KB 4575903 This
[See the full post at: New Win7 Extended Security Updates licensing package]

4 users thanked author for this post.

Elly, Zathras, GreatAndPowerfulTech, abbodi86

Reply | Quote

Replies

According to Gunter’s article, KB4575903 is for Enterprise users of Windows 7 SP1. Microsoft’s article does not specifically mention Enterprise which seems to indicate that Professional is included also.  Does KB4575903 apply to Professional? And, is it ok to install?

Reply | Quote

It apply to all supported ESU editions, including Ultimate, Embedded, and Servers

if you are ESU user, yes it’s OK to install

Reply | Quote

Thanks.  I downloaded KB4575903 from the Microsoft Update Catalog and installed it.

Reply | Quote

[Alex5723]

Anyone care to explain why pay Microsoft x6 (for 3 years) for W7 ESU vs 0Patch Pro which also patching tens of other apps ?

• This reply was modified 2 years, 10 months ago by Alex5723.

1 user thanked author for this post.

GreatAndPowerfulTech

Reply | Quote

Trust and uncertainty about legitimacy/legality?

Reply | Quote

[Alex5723]

Trust in Microsoft ? Never.
There is no question of legitimacy/legality.

A huge plus to 0Patch. They only patch security bugs and doesn’t bundle Microsoft’s ‘trash’ with their patches.

We’re not deploying Microsoft’s monthly updates at all but rather write our own micropatches, and only for the critical issues that are likely to be exploited. See this article for more information: https://0patch.zendesk.com/hc/en-us/articles/360009439780

So naturally, there is no telemetry in our micropatches. However, 0patch does use a very light-weight telemetry itself to support basic functionality: Learn more here: https://0patch.zendesk.com/hc/en-us/articles/360018739694

• This reply was modified 2 years, 10 months ago by Alex5723.
• This reply was modified 2 years, 10 months ago by Alex5723.

Reply | Quote

Legality and trust that truly all of the needed security patches are included.

Susan Bradley Patch Lady

Reply | Quote

[Cybertooth]

In this context, we’re talking about 0patch.

With respect to trust that all the needed security patches are included, it would be a simple matter of comparing the patches that Microsoft issues to those issued by 0patch. (And as @Alex5723 pointed out, 0patch also covers other software in addition to the Windows OS.)

With respect to legality, it’s unclear how that comes into play here. I can see how one might question the legality of the ESU Standalone Installer Script, but I don’t see how the same can be done to 0patch’s method.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

• This reply was modified 2 years, 10 months ago by Cybertooth.

Reply | Quote

Although I built a new Win10 desktop and put it into service a week ago, there is nothing wrong with my 6-year old Win7 machine it replaced.  At this point I do not plan to put it out to pasture and am considering getting as much mileage out of it as possible which will include purchasing a year-2 ESU license and perhaps year-3.  When the time comes, will you publish year-2 ESU instructions?

Reply | Quote

I like to remind Susan that not once but many times 0Patch has issued Security fixes to critical bugs way before Microsoft did. In this regard I trust 0Patch to fix critical bugs and not fix somethings that doesn’t need a fix, like Microsoft does (Intel microcode for AMD CPUs..)

Reply | Quote

And there is always the “don’t patch” and image backup regularly to external USB option for those with few funds.

cheers, Paul

Reply | Quote

You are right. I run a daily incremental backup to external HDD.
Apart from price 0Patch is for those who doesn’t want to follow Microsoft’s patching, telemetry… or follow security patching for the tens of apps installed.

Reply | Quote

50/50.

True, many times 0Patch has issued Security fixes to critical bugs way before Microsoft did. This is what they advertise as one of the greatest advantage of their service. OTOH their patches/service already caused compatibility problems with basic/popular software and given the method they apply their patches (in memory/on the fly), it can happen again at anytime, most likely issues with various 3rd party security/AV software or even with the built-in Windows Defender or other components.

Also true, MS often fails with their patches and sometimes drops unneeded ones on you, especially in form of wrong drivers (the microcode update you cite is a bad example since that patch is actually a microcode database upgrade and the microcode is only applied [at every boot] when the current CPU the OS run on has an older version than in the database). W7 ESU does not cover microcode updates and neither driver upgrades so such kind of harm is less likely.

So I think the risk is similar using any of the methods, it’s rather the difference of the cost of the two services which can be a deciding factor. If that’s also similar then I’d stick with ESU.

Reply | Quote

[RM]

In response to Defcon 3.  Why do all of the win 7 windows July updates on the master patch list on the sheet, Windows7/Server 2008R2, say DEFER as of 8-1-20?  All of the Office 2010 July updates are also DEFER- KB4484382, Kb4484456 etc. Why?

• This reply was modified 2 years, 10 months ago by RM.

Reply | Quote

The july 31 sheet hasn’t been posted yet.  It goes out this weekend.

Susan Bradley Patch Lady

Reply | Quote

Thanks very much for letting me know the timing of the latest July sheets.  I appreciate all the work that it takes to keep it updated and your expertise on deciphering the MS output.

Reply | Quote

[Alex5723]

Alex5723 wrote:

Anyone care to explain why pay Microsoft x6 (for 3 years) for W7 ESU vs 0Patch Pro which also patching tens of other apps ?

• This reply was modified 2 years, 10 months ago by Alex5723.

I’ve been using 0patch Pro for seven months now. It’s been excellent with nothing weird happening. At$30 year, it’s a real value. Plus, they patch zero days before Microsoft does.

GreatAndPowerfulTech

3 users thanked author for this post.

Alex5723, gkarasik, Cybertooth

Reply | Quote

[Geo]

You have no choice if you have Home Premium.  You have to use 0patch Pro.

• This reply was modified 2 years, 10 months ago by Geo.

Reply | Quote

Give me 1 reason to favor Microsoft’s ESU.

Reply | Quote

Alex5723 wrote:
Give me 1 reason to favor Microsoft’s ESU.

Susan tried to help earlier when she wrote this above:
Legality and trust that truly all of the needed security patches are included.

Let me try…
Because it is Microsoft’s ESU, specifically produced by Microsoft for the purpose of properly patching Microsoft’s Windows 7 Operating System.

Previously you mentioned your “50 years in IT”. Maybe it might help if, for just a few minutes more, you try to consider things from the perspective of someone involved in decision-making for a business?

Hope this helps.

Reply | Quote

[Alex5723]

anonymous wrote:

consider things from the perspective of someone involved in decision-making for a business?

Decision-making for a business doesn’t throw $420 for 3 years for each PC vs $90 for the same 3 years.
0Patch fixes only those security bugs which has the potential of being exploited eliminating all the “noise” Microsoft installs which have no benefits.
Microsoft isn’t to be trusted, never was and never will be.

• This reply was modified 2 years, 10 months ago by Alex5723.

Reply | Quote

Alex, considering that with ESU, the OS ‘binary integrity’ is as intended, after all, MSFT coded the OS and THEY know best. I’m not dissing 0Patch and is probably an excellent choice for homeusers and smaller businesses but, I don’t think saving $$$ is the issue from a technical POV in large organisations.

Keeping IT Lean, Clean and Mean!

Reply | Quote

business doesn’t throw $420 for 3 years for each PC

Not sure this is required. I was able to buy MS ESU for just one year needed for a few PCs. I was not asked to buy or commit to multiple years. Don’t recall exactly but unit cost was USD $65-$70. IIRC would have been less for business with volume license discount.

Reply | Quote

Blargh.  As if the continual servicing stack updates weren’t enough…first MS couldn’t get us to take Windows 10 for free; then they couldn’t sneak it onto our systems on the sly; then making us pay to keep our machines up to date didn’t work; so now they’re trying to straight-up annoy us into switching.  Not too good at taking a hint, are they?

i7-10700k - ASROCK Z590 Pro4 - 1TB 970 EVO Plus M.2 - DDR4 3200 x 32GB - GeForce RTX 3060 Ti FTW - Windows 10 Pro

Reply | Quote

When you release an ESU Preparation Package, then supersede it with ESU updates
yet, the package itself is still explicitly required to recieve ESU updates via WU

FYI, any of the 3 preparation updates will work

2 users thanked author for this post.

Microfix, ch100

Reply | Quote

It’s very odd isn’t it – this ESU patch shown as superseded by the SMQR and SOQU – my first thought when I saw it in SCCM was that this was a metadata error but the same info is all over the KB info pages as well.

MS making it up as they go along?

Reply | Quote

They just want to make sure all ESU users to have the updating licensing, whether via preparation package or ESU updates themselves

Reply | Quote

Hi,

The superseding updates don’t supersede anymore. Microsoft has released a new revision on the same day as the original “revision” which undoes this supersedence (though with a quirk in WSUS, which shows the ESU prep update still as superseded, while the superseding update list is empty).

I’ve detailed everything at my blog, if you would like more information: https://windoh.wordpress.com/2022/08/19/update-without-superseding-updates-is-shown-as-superseded-in-wsus

Ciao!

Padre Pedro

WinDoh

 

Reply | Quote