This exploit could give users free Windows 7 updates beyond 2020

The tool, built to bypass extended support eligibility checks, was successfully tested on a dummy Windows 7 update

Members of an online forum have developed a tool that could be used to bypass eligibility checks for Windows 7 extended support and receive free updates after the OS reaches end-of-life.

Only a handful of Windows 7 users can continue to receive updates from Microsoft through its paid-for Extended Support Updates (ESU) programme after 14 January, through to January 2023.

This scheme was first introduced for enterprise customers in August and later extended to SMB users after Microsoft identified “challenges in today’s economy”.

The ESU programme is not available to all businesses, however. Users on tech support platform My Digital Life have therefore developed a prototype tool that could theoretically allow ineligible businesses to continue to receive free updates beyond 14 January.

Before ESU patches are beamed to eligible machines, Windows 7 performs a check to determine whether or not users can receive these updates. This involves the installation and activation of an ESU license key. The created tool bypasses this eligibility check, which is only performed during installation, so users would, in theory, continue to receive Windows 7 updates for free through the ESU scheme without paying an ESU subscription.

The bypass was tested on the Windows 7 update KB4528069, a dummy update which was issued to users in November so they could verify whether or not they were eligible for extended support after 14 January.

Although the tool has worked on the test patch, its creators urged My Digital Life forum members to consider this as a prototype, and not a fully-fledged workaround, as things may change by February 2020.

Microsoft will be keen to ensure there aren’t any ways to undermine the ESU scheme once Windows 7 reaches end-of-life due to the sums it’s charging eligible businesses, and an ultimate desire to shift machines to Windows 10.

The firm is likely to change the way the eligibility check is performed given how simple it’s been proven to bypass.

Related Resource

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

It's certainly not a tool that Microsoft is likely to condone, but it does demonstrate the extent to which Windows 7 is still popular as users are trying to retain undisrupted access to the legacy OS.

Businesses have just weeks to upgrade their devices running Windows 7 and Windows XP or face restrictions on accessing critical security updates.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
What is phishing?
phishing

What is phishing?

25 Nov 2020