ACROS Security will keep Windows 7 and Server 2008 secure

After Microsoft discontinues support for the Windows 7, Windows Server 2008, and 2008 R2 operating systems on January 14, 2020, their users will no longer receive security updates. ACROS Security will take on responsibility for the security of these operating systems.

ACROS Security's research lab said it will make the necessary fixes to the legacy operating systems. As before, the fixes will be distributed to users through the 0patch platform in the form of micropatches.

The program closes vulnerabilities by replacing unsafe code fragments directly in RAM, not on the hard drive, when the system or application starts. This allows updates to be installed instantly and remotely, without restarting the computer.

“This option will be convenient for those who are completely satisfied with the usual operating system, as well as for those for whom the transition to Windows 10 is difficult due to compatibility issues,” said Mitja Kolsek, CEO of ACROS Security.

Although Microsoft offers corporate customers three years of extended technical support for a fee, and also promises to do the same for computers of the US federal election system for free, most users will be left without official updates.

The plan is for experts from the 0patch team to review Microsoft's security advisories and all updates for current OS versions every Patch Tuesday. If vulnerable code fixed in Windows 10 is also present in Windows 7, the experts will immediately begin to assess the likelihood of exploitation and of a working exploit being created.

For this, researchers can use an existing proof-of-concept, published officially or obtained from trusted sources, or create one themselves. This is necessary to accurately identify the code fragments that need to be modified.

Fixes will be made according to the model set by Microsoft developers for the current version of the operating system. After testing, the micropatches will be ready for installation on users' computers within an hour.

Currently, the 0patch group is working on a management system similar to WSUS (Windows Server Update Services). It will allow corporate administrators to split computers into groups with different policies in order to quickly test micropatches and centrally distribute them across machines, applying or revoking them in a couple of clicks. The service will also show alerts, graphs, reports, and other related information. The developers promise to create a local version of the 0patch server.

“Such third-party tech support will still cost $25 a year for Enterprise licensees, but micropatches for critical vulnerabilities will be available for free,” said Kolsek.

Alternative from Microsoft:

Participation in the official Extended Security Update (ESU) program, under which Microsoft updates its obsolete products, will cost Windows 7 Enterprise owners $25 and Windows 7 Pro owners $50, but the price will double each year. An organization connected to the Azure cloud will be able, by registering for the Windows Virtual Desktop service, to receive Windows 7 updates for free under the ESU until 2023, until it completely switches to Windows 10.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics
