Blog Post

Windows IT Pro Blog
6 MIN READ

[ARCHIVED] How to get Extended Security Updates for eligible Windows devices

Poornima_Priyadarshini's avatar
Poornima_Priyadarshini
Icon for Microsoft rankMicrosoft
Oct 17, 2019
Note:  A new version of this blog post was published on February 11, 2020. Update 11.26.2019: Windows 7 Extended Security Updates (ESUs) will be available via the Cloud Solution ...
Updated Feb 11, 2020
Version 10.0
security
servicing and updates
alex335678's avatar
alex335678
Brass Contributor
Dec 20, 2019

To quote a conversation I had with Insight yesterday, "Microsoft has not made a clear statement what SPLA companies should do and is making us be the bad guy.  All the cases we've escalated to them with legitimate business cases are getting ignored, and no one is responding."   Joe_Lurie we totally understand you guys have been communicating but we are all clearly still having issues actually acquiring the ESU for Windows Server 2008 R2.  This is major security risk for a lot of customers and if you read the threads above, we are getting NO RESPONSE from Microsoft on Windows Server.  The only responses are around Windows 7.  What are IT pros supposed to do that run more than just Windows 7 desktops?  The CSP program is only selling Windows 7 (and even that is not working for many people, it's even starting to hit tech media https://www.zdnet.com/article/so-you-want-to-keep-running-windows-7-good-luck-with-that-small-businesses/ how difficult it is actually to acquire the licenses).  Why isn't Windows Server 2008 R2 included in the CSP licensing?  EA requires 500+ users... what are small businesses supposed to do or SPLA hosting companies?

 

We need clear direction on what small businesses that cannot take Windows 2008 R2 servers and just move them to Azure (even though we'd love to and have done that for newer workloads, Microsoft must understand that not all workloads CAN be moved to Azure).  

I'd also like to share some statistics from December 2019.. there are still 32 million web servers on the public internet running Windows Server 2008 R2 (it comes with IIS7.5).   https://trends.builtwith.com/Web-Server/IIS-7 and https://w3techs.com/technologies/details/ws-microsoftiis are both reputable stats that track usage of web servers online.  Some slightly different numbers but still very significant https://secure1.securityspace.com/s_survey/data/201911/servers.html And here is a list of sites using IIS7.5 https://trends.builtwith.com/websitelist/IIS-7

 

This is a MAJOR security issue and your customers are complaining that we can't actually purchase the ESU licensing despite a lot of efforts to work with MULTIPLE major distributors, and Microsoft.  Please consider the ramifications of these decisions and help us protect our customers, and YOUR data because all these websites are small government and small business organizations that will be hurt.  2020 will be a year of MANY MORE hacks as a result of us not being able to purchase the extended security update licenses that you are selling already.  Please help us prevent a disaster.