Microsoft documented 34 different bugs that were worrisome enough to get CVE numbers, while Adobe listed three (the Adobe products with bugs of CVE-level seriousness are RoboHelp Server, InCopy and Creative Cloud, in case you were wondering).
You can read up on the details of this month’s Microsoft’s patches on our sister site Sophos News…
…where you will find our observation that:
The [updates include] a critical patch to the Windows Servicing Stack, which is how Windows delivers and installs updates, especially to machines that are running versions of Windows no longer receiving regular support. That’s especially important this month, because several of the updates have been released for systems as out-of-date as Windows 7, which as of today is 665 days past its official end of life on January 14, 2020.
In case you’re wondering, this isn’t one of those “this security hole is so terrible that we are even providing free patches for long-gone products like XP and friends” announcements that happen from time to time.
You need to be part of the Windows 7 Extended Support Updates (ESU) programme to get this particular update – and, yes, enrolling for extended support costs extended money.
Extended Support Updates update
Interestingly, however, just before this Patch Tuesday, Microsoft updated its Windows 7 Extended Support Update advice, and if you were secretly hoping that you would be able to buy some extended time for your extended updates, you might be disappointed (our emphasis below):
Update 2021.11.05: For Windows 7 SP1 and Windows 7 Professional for Embedded Systems, the Extended Security Update (ESU) Program will be entering its third and final year of extended support beginning on February 8, 2022 and ending on January 10, 2023.
For Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems if running on Microsoft Azure, ESU will have one additional year of extended support available beginning on February 14, 2023, ending on January 9, 2024.
Just so you know
So, Windows Server 2008 will, for the right money, fight on for another year, giving you just over two years from now to upgrade to a modern version of Microsoft’s server operating system.
(Or two years switch to another platform, such as Linux or one of the BSDs, but we’re not sure how many sysadmins will want – or would be allowed, even if they wanted – to do so.)
But Windows 7 is definitely done for in just over a year’s time.
We know that some people are determined to stick with it, for a range of reasons, usually including two or more of the following:  I can run it on older computers  I’ve finally customised it the way I want,  leave my Start Menu alone, and  security updates are over-rated as long as you’re careful.
But the overtime clock really is ticking, and it really is ticking down for good, with no double overtime in sight, neither for love nor for money.
We’re convinced that if there were still any chance of Microsoft relenting and adding extended extended support, even if it meant paying extra extra fees, the company wouldn’t have committed publicly to extending support for Server 2008 in the same message that it committed publicly to not extending support for Windows 7.
Just so you know!