As Windows 7 approaches end-of-life, one group has a plan to keep patching it

By Dan Thorp-Lancaster
published

0patch wants to keep Windows 7 and Windows Server 2008 secure by developing and deploying micropatches.

What you need to know

  • Windows 7 and Windows Server 2008 will reach end-of-life in January, 2020.
  • One security group, 0patch, has laid out plans to issue their own micropatches after Microsoft ends its support.
  • 0patch is ramping up its processes now to start deploying patches after official support ends in January.

Windows 7 and Windows Server 2008 will reach end-of-life status in January of 2020, meaning Microsoft will stop shipping security fixes unless organizations pay for extended support. One group, however, is looking to keep both secure by issuing their own "micropatches" for both Windows 7 and Windows Server 2008 after Microsoft's official support ends.

As detailed in a recent blog post, 0patch, a group backed by security research firm ACROS Security, has laid out a plan to develop and deploy patches for high-risk vulnerabilities in Windows 7 and Windows Server 2008 after January, 2020.

The patches will be developed based on the security advisories Microsoft posts with each Patch Tuesday for Windows 10. 0patch says that its team will determine which high-risk vulnerabilities are present in Windows 7 or Windows Server 2008 and then develop proof-of-concept (POC) tests for triggering vulnerabilities. From there, 0patch plans to develop and deploy fixes on their own. From 0patch:

Once we have a POC and know how the vulnerability was fixed by the people who know the vulnerable code best (i.e., Microsoft developers), we'll port their fix, functionally speaking, as a series of micropatches to the vulnerable code in Windows 7 and Windows Server 2008, and test them against the POC. After additional side-effect testing we'll publish the micropatches and have them delivered to users' online machines within 60 minutes.

The plan sounds ambitious, but the firm is hoping it can be used as a stop-gap for large organizations who may not be ready to update to Windows 10 and want to keep their Windows 7 and Windows Server 2008 machines secure. The group is currently working on its own central management service that allows administrators to set up groups of computers and use different policies for them.

Earlier this year, Microsoft began warning Windows 7 users about the OS's impending end-of-life date on January 14, 2020. Those still running Windows 7 on personal PCs are encouraged to move to Windows 8.1 or Windows 10, but enterprises can opt to pay for extended security support.

Dan Thorp-Lancaster
Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

24 Comments
  • Move on already.
  • I would hope this is for the bigger instutions that can't afford to just replace working machines or upgrade their OS.
  • No thanks. I will keep using Windows 7 till my PC dies. Maybe by then Windows 10 will be usable.
  • I Highly doubt it they can't stop breaking it now even after being out 4+ Years. Every Patch breaks something else you would think their own Devs would know the OS
  • Same as above, a broken win10 outperforms a working win7 has been for the past 4 years...
  • Still works way better than 7 though
  • Works perfectly for me
  • Nah. I love both 7 and 8.1. The only reason I have 8.1 is that it is overall superior to 7 in my opinion. My laptop came with Windows 10, the first thing I did was a complete wipe of my SSD and a fresh install of Windows 8.1. I'll stick with 8.1 as long as my laptop runs. When it dies, I'll install 8.1 on my next computer. It's that simple at me. I don't need Microsofts spyware with that speaking-searching b*tch in the background eating up my RAM and destroying my gaming experience. 8.1 also doesn't get f*cked by daily updates. It was secure from the beginning like 7. I'd rather use Linux than 10, but that'll never happen since I stick with 8.1
  • This is an absolutely terrible idea. This guarantees those systems will be highly exploitable. Using Win10 as the guide ensures you miss the most serious vulnerabilities, as Win10 was architected to avoid the worst known styles of exploits from the ground up. At best, this will grant a very false sense of security to those who subscribe to it.
  • Ah Mr. Fleetwood- Wrong!
    We the masses on Windows 7 want to stay where we are and since MS is abandoning us..this sounds pretty good to me. You all you think Windows 10 is so great- you bowed to MS arm twisting 18 months ago. Remember that??? and how unethical it was. Guess you don't care. We did!
    Bill
  • What I run is irrelevant, I use a mic of Windows, Linux and iOS to get through my day. The point is that the most critical bugs cannot be caught by the methodology being proposed here, in fact they will be explicitly missed. This is a huge problem, and it permits the security-ignorant to believe they are safe when they are more vulnerable than ever.
  • While I agree with you that this isn't going to be the best idea for folks using Win7 beyond it's EOL, your reasoning is wrong. Usually, the exploits and vulnerabilities are identified and shared publicly, even for OSes that are well beyond their EOL. This group's goal is to develop and distribute patches for those vulnerabilities as they're identified. So. the "most critical bugs" are caught anyway; it's the patching that is ending in 2020...
  • This group is not claiming to fix everything that is reported, they are claiming they will use release notes for Win10 to identify and fix issues with Win7. That means that issues that do not also impact Win10 are unlikely to be patched.
  • Microsoft didn't abandon you, there is a finite life to any software, you are on your own.
  • What arm twisting? I got win10 for free if that's arm twisting... Be my guest here is my second arm... Win 7 is dead and obsolete has been for while heck was before win10 was out.... But then again you could be worst.. ' you could be on XP like some still are preaching the exact same bs since win7 got out
  • Yeah good idea installing OS updates from somewhere other than Microsoft. Asking for trouble big time
  • Vincent, you move on. Most of us prefer to stay on Windows 7 because it is familiar and superior. Leave us alone please. We want to stay on Windows 7 and I for one will be contacting this group.
  • SMH at people that refuse to upgrade.
  • Shut up retard.
  • Superior in what? Loading time? Number of BSOD? Time to get things done/configured? Beside those there ain't much win7 is superior at... Has been for while.... It just can't... Even my old rigs run better than it did on 7
  • What large organization would be trusting these guys to patch their computers? Better off paying Microsoft for extended support or you know, upgrading as they have known for quite some time this was coming.
  • It will probably be possible to get Windows Embedded POSReady 7 or Thin PC’s updates on 7, both of which are still supported until October 2021. Just like how people could get POSReady 2009 and Server 2008 updates on XP and Vista respectively.
  • The same thing happened when xp was nearing end of life... "xp is the best os", "7 isn't as stable", "why should I upgrade at all when my xp runs fine?". People do eventually move on. Those who don't? Let them be increasingly frustrated by lack of compatibility from third-party apps the longer they stay on an unsupported OS. There's a reason why most of those xp diehards eventually moved to 7, and that same reason will apply to the now-win7-diehards, it's just a matter of time.
  • virtualization technology is still around.