News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Patch Lady – Windows 7 ESU last minute requirement

    Posted on Susan Bradley Comment on the AskWoody Lounge

    Home Forums AskWoody blog Patch Lady – Windows 7 ESU last minute requirement

    This topic contains 27 replies, has 21 voices, and was last updated by  EP 2 days, 15 hours ago.

    • Author
      Posts
    • #2138979 Reply

      Susan Bradley
      AskWoody MVP

      Microsoft has thrown a wrench into the last minute Windows 7 ESU updates. Now even though you’ve installed the ESU key and everything “was” ready to g
      [See the full post at: Patch Lady – Windows 7 ESU last minute requirement]

      Susan Bradley Patch Lady

    • #2138992 Reply

      PerthMike
      AskWoody Plus

      It showed up on WSUS this morning, too, along with all the other 2020/02 updates (but they show as “not needed” for machines without the ESU patch.

      No matter where you go, there you are.

      1 user thanked author for this post.
    • #2138995 Reply

      MrJimPhelps
      AskWoody_MVP

      To anyone who has purchased updates through any ESU program, as a shareholder of Microsoft I want to apologize for this really not well done, not automatic process. I personally will be calling several businesses that I assisted to obtain these extended security patches and will apologize for having to bother them to get their machines in a condition to get additional updates when I thought I already had them ready to go.

      It’s very noble that you are apologizing, Susan; but in fact, it isn’t your fault. Even though you are a Microsoft shareholder, you weren’t in on any decisions at Microsoft as to how to implement this process.

      Group "L" (Linux Mint)
      with Windows 8.1 running in a VM
      1 user thanked author for this post.
      • #2139016 Reply

        anonymous

        Well maybe one of those big institutional MS investors will step up to complain and the big retirement funds and or even the small investors banding together to have more influence.

        Personally I think that MS is missing out on some ESU revenue channels by not making 7’s ESU for a price available to a wider population of Windows 7 end users. But I guess that it’s not easy for anyone at any time past or present to deal with MS and licensing related issues as well as KB’s that appear with no logical notice and instructions or update dependency notifications.

         

        1 user thanked author for this post.
        Geo
    • #2139032 Reply

      AmbularD
      AskWoody Plus

      Not your fault at all, Susan, but thanks for addressing that.  Can we treat this one as being under DEFCON-2 with the rest until we get the all clear?

      i7-4790k - Z97X-Gaming 3 - DDR3 2133 x 32GB - GTX 1070 FTW - Windows 7 Pro x64 SP1

    • #2139049 Reply

      honx
      AskWoody Lounger

      to make Windows update show you updates for both any Windows 7 post ESU security updates *AS WELL AS* the Office updates.

      does this mean, without paying for extended support, i won’t even see any office 2010 updates although office 2010 is still supported until later this year (october or something)?

      PC: Windows 7 Ultimate, 64bit, Group B
      Notebook: Windows 8.1, 64bit, Group B

      2 users thanked author for this post.
      • #2139065 Reply

        Pim
        AskWoody Plus

        I have a machine without ESU but with Office 2010. On that machine Windows Update does show the Office updates.

        ASRock Beebox J3160 - Win7 Ultimate x64
        Asus VivoPC VC62B - Win7 Ultimate x64
        Dell Latitude E6430 - Win7 Ultimate x64
        Dell Latitude XT3 - Vista Ultimate x86 (still...)
        Gigabyte GA-H110M-HD3 DDR3 - Win10 Pro 1809 x64

        1 user thanked author for this post.
    • #2139053 Reply

      CBA
      AskWoody Plus

      I installed (late to the market) KB4538483 on my already ESU licensed W7 Pro x64 laptop. No problem.

      I checked for updates, via WU, and found Rollup KB4537820 and MRT KB890830. Installed both, rebooted and no problems.

      Finally, checked for updates again and found SSU KB4537829. Installed, no issues.

      I gather this proves that my ESU license works.

      2 users thanked author for this post.
    • #2139119 Reply

      Bridgemans
      AskWoody Lounger

      Thank you Susan for this. I had installed ESU and it said it active. It downloaded a rollup below so thought its all done

      2020-01 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4539601)

      Installation date: ‎08/‎02/‎2020 20:00

      And now thanks you your link its downloaded

      Security Update for Windows (KB4538483)

      Installation date: ‎12/‎02/‎2020 10:42

      Fix for KB4538483

      2 mins after doing this 4 (2 windows 7 x64 KB4537820 & KB890830 and 2 office 10 KB4484267 & KB4484163 ) security updates appeared on updates available to install

       

       

    • #2139190 Reply

      Bridgemans
      AskWoody Lounger

      Another one gone through, 2020-02 Servicing Stack Update for Windows 7 for x64-based Systems (KB4537829)

       

      • #2139285 Reply

        EP
        AskWoody_MVP

        this new KB4537829 SSU enforces new updates like KB4537820 to check for a valid ESU license and whether or not KB4538483 is installed and KB4537820 will fail to install with “Failure to configure Windows updates. Reverting Changes.” message unless all conditions are met.

        2 users thanked author for this post.
    • #2139273 Reply

      Zathras
      AskWoody Plus

      No surprise whatsoever with this last minute requirement.  Microsoft can’t even get regular monthly patching for Windows done correctly.  Why should the ESU licenses be any different…  grrrr

      Time to go back thru a few dozen machines when I thought the ESU licenses were all set.

      Thanks for the heads up!

       

    • #2139306 Reply

      JCCWsusser
      AskWoody Plus

      Has anyone confirmed they will not update without this patch?

      1 user thanked author for this post.
      • #2139309 Reply

        Susan Bradley
        AskWoody MVP

        I didn’t get the needed Windows 7 updates without this additional patch.  If you haven’t opted into the ESU program then you’ll probably still get the Office updates.

        Susan Bradley Patch Lady

        3 users thanked author for this post.
        • #2140144 Reply

          AlexEiffel
          AskWoody_MVP

          I confirm that I did receive the Office 2010 updates without the ESU patch.

          I really don’t understand how Microsoft can have overlooked this business opportunity here.

          Did they really think they would make that much more money out of users who didn’t upgrade yet by not making it easy to stay on 7 a bit more, hoping they would hop on 10?

          They could have pushed a Windows update that, in addition to warn users about the end of Windows 7 support, would have offered a very simple way to just click a link and input your credit card to receive one more year of security updates. I bet they would have made a ton of money on ageing hardware, then the same the next year, and another and then for the license on the new PC that would eventually been bought if the old Win 7 PC would have lasted that long.

          I guess bragging about how many people are on 10 or the ability to have a large enough captive audience to crank up the monetization strategy without people having acceptable alternatives was too high, or they are just a bit clueless about everything. The way they offered ESU seems ridiculous and improvised.

    • #2139381 Reply

      woody
      Da Boss

      An interesting tweet from Bryan Dam:

      Near as I can tell KB4538483, KB4538484, and the ESU updates will appear in WSUS just fine. The clients just need to install one of the first two before they will detect the ESU updates as applicable. Both of those KBs are listed as distributed via WSUS.

      So everything should be automatic, it’s just going to take two patching cycles: the first to get KB4538483/4 (again, via WSUS) and after then another to detect that the ESUs are applicable. Essentially the same scenario as when they make a SSU a pre-req for that month’s CU.

      Does that sound right?

      • #2139513 Reply

        lawrenceB
        AskWoody Lounger

        That’s been my experience so far, Woody.

        Though, contrary to the KB4538483 article, I did not have to reboot after installing it to be offered the Feb OS rollup and Office security updates (all of which installed successfully.)

        All from WSUS FWIW. Tested 3 machines so far.

    • #2139512 Reply

      luanne1
      AskWoody Plus

      i have a windows 7 professional 64 bit desktop and purchased ESU. Windows Update is not offering me any security patches even after i installed the new update patch today. the only updates it is offering are microsoft security essentials, the malicious clean up tool and excel and outlook 2010 patches. Anyone have any advice?

    • #2139589 Reply

      anonymous

      The fact we have to install a last-minute patch to get the ESU patches is concerning.

      Any reports of KB4538483 causing issues?

      • #2139671 Reply

        abbodi86
        AskWoody_MVP

        It’s just install required ESU support licenses, perfectly safe

    • #2139625 Reply

      Reporting in:

      Installed KB4538483, checked WU, and was offered (and declined) the regular Feb. Glockenspiel, i.e. 2020-02 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4537820) as well as the MSRT Windows Malicious Software Removal Tool x64 – February 2020 (KB890830)

      No ill effects seen yet, running FF 73.

      Was NOT offered the 2020-02 Servicing Stack Update for Windows 7 (KB4537829) , the SSU patch per Woody’s article, and it’s not installed on my system, nor has it been previously offered, I’m pretty sure. Maybe it will appear AFTER the Feb patches have been installed…and I’m definitely waiting for Defcon 3 or better to do that!

      Hey, Redmond, you got us again! (Pulls arrow out of body.) Ow! That was NOT from Cupid!

      Susan, my heart goes out to you; I feel yours and every Sysadmin’s pain on this one. Thanks for the Alert!!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode. ESU 1 yr."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #2139731 Reply

      Alex5723
      AskWoody Plus

      Ghacks: It appears that the Windows 7 ESU Bypass is indeed working

      A bypass to use ESU-only patches on Home machines — basically any machine that has not joined the program officially — was discovered and published in December 2019. The bypass worked with the test ESU patch that Microsoft released but it was not clear back then if it would also work with “real” patches.

      Now that the first post-Windows 7 support patch has been released, confirmations are coming in that the bypass is indeed working…

      https://www.ghacks.net/2020/02/13/it-appears-that-the-windows-7-esu-bypass-is-indeed-working/

      1 user thanked author for this post.
    • #2139785 Reply

      magic
      AskWoody Lounger

      Quick one to say that KB4538483 showed up in WSUS, and was automatically approved and deployed by SCCM for our environment. No manual deployment necessary.

      • This reply was modified 6 days, 13 hours ago by  magic.
      1 user thanked author for this post.
    • #2139871 Reply

      anonymous

      Thank you for the confirmation. Microsoft is making the process really painful for no good reason. They are also putting us at risk with the last minute decision to add new requirements in for the patches to work.

      Also, we now have to deploy the patches manually as they will not download any longer with our current patch management tool.

      • #2140397 Reply

        Paul T
        AskWoody MVP

        they will not download any longer with our current patch management tool.

        What is your management tool?

        cheers, Paul

    • #2140993 Reply

      EP
      AskWoody_MVP

      I’ve been thinking, Susan

      once Win7 users paid for the ESU licenses, manually downloaded & installed the KB4538483 update and have successfully installed the Feb. 2020 updates, do they need to remove KB4538483 afterwards or should they keep the KB4538483 update installed in order to receive new updates in the upcoming months beyond this month?

      that is something to think about

      • This reply was modified 4 days, 15 hours ago by  EP.
      • This reply was modified 4 days, 15 hours ago by  EP.
      • This reply was modified 4 days, 15 hours ago by  EP.
      • #2141131 Reply

        abbodi86
        AskWoody_MVP

        KB4538383 is now like the SHA2 support updates (KB4490628 & KB4474419), it’s baseline to get further updates through WU

        Windows Update ESU Prerequisite Hierarchy

        Winmgmt service not disabled
        |
        supported ESU editions
        |
        ESU key activated
        |
        ESU Preparation update KB4538483 installed
        |
        January SSU KB4536952 or later installed

        2 users thanked author for this post.
        • #2141846 Reply

          EP
          AskWoody_MVP

          thanks abbodi86.

          perhaps Susan should explicitly state that Win7 users should manually download & install the KB4538483 update AND to not remove it

          1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Patch Lady – Windows 7 ESU last minute requirement

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.