CATEGORIES
home News

Windows 7 Users Denied Critical IE Security Patch As Microsoft Sticks To Support Blackout

by Paul LillyFriday, January 24, 2020, 10:12 AM EDT
Windows 7
For the most part, Microsoft will not be pushing out a critical patch to Windows 7 users to address a security flaw in Internet Explorer. Microsoft confirmed its plans in a statement, saying the only Windows 7 users who will received the security update are those who are paying for extended support, as businesses are welcome to do.

Let's not feign surprise at the decision. Windows 7 enjoyed a nice, long run before it was finally retired last week, a decade and a half after it first released to the public. Microsoft provided plenty of warning leading up to last day of support, including nag screens urging hold outs to upgrade their PCs to Windows 10.

The bug in question is a zero-day remote code execution vulnerability in IE. If exploited, an attacker could corrupt a system's memory in such a way that they would then be able to run arbitrary code in the connect of the current user. In other words, if a person is logged in as an administrator and falls prey to this attack, the malicious actor could take full control of their system.

Microsoft anticipates rolling out a fix to supported versions of Windows during the next Patch Tuesday roll out. Barring a change of heart, Windows 7 will not be included (save for businesses paying for extended support).

"Now that we have reached end of support, those customers without paid Extended Security Updates (ESUs) will not receive new security updates. We remain committed to helping our customers remain secure as they modernize their systems and make the move to Windows 10. While we provide long lead times for upgrades, we understand that some customers still need more time, which is why we have several options for our customers— services like Microsoft FastTrack to expedite migrations, desktop virtualization using Windows Virtual Desktop (which includes Extended Security Updates for three years), or paying for Extended Security Updates (ESUs) annually for up to three years. We will continue to work with our customers on the path that makes the most sense for them beyond the end of support date," Microsoft said in a statement.

Historically, Microsoft has made exceptions to supporting legacy OSes, though usually only in dire circumstances. For example, it opted to patch Windows XP systems when the WannaCry ransomwawre was wreaking havoc.

In this case, Microsoft said it is aware of "limited targeted attacks" leveraging the bug in IE. Though it is a zero-day exploit, it's also a much different situation than WannaCry. I fully understand that Windows 7 users might be frustrated at Microsoft drawing a hard line so close the end-of-support of date, but I'm not willing to rake the company over the coals on this decision. Windows 7 is retired, and any future pro bono support updates should be seen as a bonus, not an expectation.

Image Source: okubax (via Flickr)
Tags:  Microsoft, Windows 7, Internet Explorer, security, (nasdaq:msft)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment