Microsoft will stop shipping security patches through the regular channel when it ends support for Windows 7 and Server 2008 early next year. But users have an option to keep receiving security fixes in the form of micropatches.
Micropatches are bite-size pieces of code delivered by ACROS Security through the 0Patch platform to correct security issues in real time. They are applied to running processes and do not require restarting the machine or the program.
High-risk bugs, regular patch cycle
On January 14, 2020, when Microsoft ends support for Windows 7 and Windows Server 2008, 0Patch will continue to supply its agents with vulnerability fixes.
“Each Patch Tuesday we’ll review Microsoft’s security advisories to determine which of the vulnerabilities they have fixed for supported Windows versions might apply to Windows 7 or Windows Server 2008 and present a high-enough risk to warrant micropatching.”
High-risk issues that warrant micropatching include easy-to-exploit issues that are already used in attacks, flaws resulting in realistic remote code execution, and those that have a patch that cannot be applied immediately.
If the vulnerable code is present in the unsupported version of Windows, the 0Patch team begins working to trigger the vulnerability and port the patch.
If testing is successful, the micropatch will be delivered to all Windows computers within 60 minutes, 0patch partner Mitja Kolsek said today in a blog post.
How quickly the micropatches will ship for end-of-support (EoS) products after Microsoft releases the official updates is uncertain.
Kolsek said that the shipping time depends on how difficult the official patch for supported binaries is to re-implement and how quickly they can obtain a proof-of-concept (PoC) for a crash test.
“The latter is usually the bottleneck, but since researchers often publish their POCs after the vendor has issued their fix this should be easier in this case than usual.” – Mitja Kolsek
Micropatches are generally available to paying customers (Pro, at $25 per agent per year, and Enterprise license holders). However, Kolsek suggests that there are exceptions for high-risk issues, where micropatches that might slow a global spread will be accessible to non-paying customers.
To help large companies prevent disruptions, the platform will have a central management service, which will “enable administrators to organize PCs in groups and apply distinct strategies to these communities.”
The service allows micropatches to be rolled back and features alerts, graphs, reports and boxes. The company plans an on-premises version of the 0patch server in the future.
Extended Microsoft security updates
Windows 7 was released in the summer of 2009 and became Microsoft’s greatest success as the fastest-selling operating system in the company’s history.
Through the Extended Security Update (ESU) program, Microsoft offers customers security updates for legacy products, which may cost about $350 for each laptop.
The cost covers a period of three years, beginning at $50 in the first year of support and doubling annually for the Professional edition. The cost for the Enterprise edition is half that.
Microsoft won’t abandon Windows 7 abruptly. In addition to the ESU program, the company also provides the Windows Virtual Desktop program, which allows businesses to continue using the operating system with free extended security updates until 2023.
Moreover, with the U.S. elections coming next year, Microsoft today announced that security updates will be available for free to federally licensed voting systems running Windows 7. However, this extension ends at the end of 2020.
Kolsek says that 0Patch prices will not double every year and that volume discounts will be available.
Windows 7 remains a popular operating system, as Windows XP was before it. According to various statistics, its current market share is a little over 30 percent. Just like Windows XP, which is still used today (above 1.5%) although its support ended in April 2014, Windows 7 will remain in use much longer than its support has been extended.
0Patch will support Windows 7 and Server 2008 for at least a year, but ultimately the market will determine how long security coverage for abandoned operating systems will last, Kolsek said.