Microsoft extends security patch support for some Windows 7 users

Microsoft is offering an olive branch to companies taking too long to upgrade from Windows 7, the company revealed last week. It will provide security updates for another three years as it tries to help business customers migrate to Windows 10 – but they’ll have to pay for the privilege.

Microsoft products go through two support phases. The first is mainstream support, which lasts for five years from the product’s release. The company then provides another five years of extended support, but with caveats.

While the company continues to offer security updates for its products during the extended support phase, non-security updates are only available on a paid basis, and only for enterprise users, not consumers. At the end of the extended support period, the security updates are also supposed to end, which leaves users with increasingly vulnerable systems unless they migrate to a newer version of Windows.

Mainstream support for Windows 7 ended in 2015, and Microsoft had already warned customers that extended support for that version of the operating system would end in January 2020. However, in a blog post, it acknowledged that “everyone is at a different point in the upgrade process”.

To support late upgraders, the company will offer paid Extended Security Updates (ESU) for an additional three years. These will be charged on a per-device basis, with the price ratcheting up each year.

Microsoft eventually phases out support for all of its products. It ended extended support for Windows Vista Service Pack 2 last year, and Windows XP Service Pack 3 in 2014.

However, it is not always easy for users to upgrade to the newer versions before end-of-support deadlines (as we saw with Windows XP). The largest companies are running tens or hundreds of thousands of computers, and must cope with everything from budget to technical integration issues as they prepare to upgrade. In many cases, companies may be running bespoke applications that are not compatible with newer versions of the operating system. Upgrading that software can bring a host of technical, budgetary and compliance issues, and carry knock-on effects throughout the entire organization.

According to web analytics company StatCounter, Windows 10 deployments overtook Windows 7 worldwide only in January this year, following the newer operating system’s launch in July 2015. At the start of this year, 41.86% of worldwide Windows-based internet users were still using Windows 7, according to the company’s figures. Windows 7 still enjoys strong loyalty among business users, StatCounter executives said at the time.

Windows 7 vulnerabilities have caused global problems in the past. Almost all of the infected computers from last year’s WannaCry ransomware attack were running Windows 7, according to researchers who analyzed infection rates at the time. However, the spread of the malware was down to poor cybersecurity hygiene. Microsoft had released a patch for the issue months before, but many computers had not been updated.

Microsoft’s Windows 7 patches haven’t all been up to par. Earlier this year, researchers discovered that security patches issued to resolve the Meltdown bug introduced a far worse vulnerability in Windows 7.

Microsoft encourages Enterprise customers still on Windows 7 to reach out to their Microsoft account team for details on upgrading.