Microsoft confirms that most Windows 7 users won't get a critical Internet Explorer security patch
Internet Explorer may be a relic from the past, but it's still out there and used by surprising numbers of people. Not all versions of it are supported by Microsoft anymore, so when a critical bug was discovered in the Windows 7, 8.x, 10, Windows Server 2008 and 2012 versions of the browser, there were questions about who was going to be protected.
The bug was revealed just days after support ended for Windows 7, and it wasn't clear whether Microsoft would stick to its guns and leave those people still using this operating system out in the cold and unprotected. The company has now confirmed what's going to happen.
- You can still get Windows 7 updates without paying a penny to Microsoft
- 0patch releases micropatch for Internet Explorer vulnerability -- including for Windows 7
- Microsoft pledges to patch Internet Explorer bug that is being actively exploited
Microsoft says that it is only Windows 7 users who have paid for Extended Security Updates who will receive a patch for the vulnerability. Home users for whom ESU is not an option will have no official patch available to them. While Microsoft's confirmation is not entirely surprising, the company has been known to change its mind when it comes to releasing updates for unsupported software.
But the confirmation raises further questions. As Microsoft has produced -- or at least will have produced -- a fix for paying Windows 7 users, can the company really justify not making this same fix available to everyone who needs it? Windows 7 usage may have dwindled significantly, but it is still used reasonably significant number, meaning that large numbers of people and their systems are potentially at risk -- something attackers will be only too happy to try to take advantage of.
In a statement issued to BetaNews, a Microsoft spokesperson said:
Now that we have reached end of support, those customers without paid Extended Security Updates (ESUs) will not receive new security updates. We remain committed to helping our customers remain secure as they modernize their systems and make the move to Windows 10. While we provide long lead times for upgrades, we understand that some customers still need more time, which is why we have several options for our customers -- services like Microsoft FastTrack to expediate migrations, desktop virtualization using Windows Virtual Desktop (which includes Extended Security Updates for three years), or paying for Extended Security Updates (ESUs) annually for up to three years. We will continue to work with our customers on the path that makes the most sense for them beyond the end of support date.
While this is not great news for home users who have taken the decision to stick with Windows 7, all is not lost. Micropatching service 0patch has already released a fix of its own for the vulnerability. Additionally, the company has said that it will continue to release micropatches for Windows 7 for the next three years.