Towards Micropatching the "Security Update Gap"
by Mitja Kolsek, the 0patch Team
[Update: We initially security-adopted only Windows 10 v1809, but were then approached by customers needing micropatches for v1803 as well, so we security-adopted that version too.]
The May 2021 Windows Updates will contain the last official security fixes for many editions of three Windows 10 operating system versions:
- Windows 10 v1803
- Windows 10 v1809
- Windows 10 v1909
For organizations with any of these versions installed on their computers, this means the end of official security patches, and a pressure to upgrade to a supported Windows 10 version. Such organization-wide operating system upgrade may seem like a simple, mostly automated task - but in reality, updates break things:
- Windows 10 October 2020 Update biggest problems and complaints
- Windows 10 May 2020 Update biggest problems and complaints
- Windows 10 May 2019 Update biggest problems and complaints
In addition, with many users working from home these days, upgrading an operating system involves users downloading a huge update via their home Internet connection and difficult remote assistance in case something goes wrong with the upgrade.
Consequently, customers were approaching us in recent months asking whether we were planning to security-adopt some of these Windows 10 versions (mostly version 1809, later also version 1803), as they were looking for ways to keep using them securely.And so we've decided to security-adopt Windows 10 v1803 (build 10.0.17134) and v1809 (build 10.0.17763) - as we have previously security-adopted Windows 7, Windows Server 2008 R2, and Office 2010.
Starting this month, initially for one year, we will actively gather information about vulnerabilities affecting Windows 10 v1803/v1809 and, based on our risk criteria, create micropatches for this operating system. We will be particularly interested in any vulnerabilities patched by Microsoft in still-supported Windows 10 versions, and whether they might affect v1803/v1809 as well.
These micropatches will be included in 0patch PRO and Enterprise licenses along with all other micropatches we're issuing - which means that users protecting their Windows 10 v1803/v1809 with 0patch will also receive our occasional micropatches for "0day" vulnerabilities in various products.
In order to have our Windows 10 v1803/v1809 micropatches applied, users will have to have their computers fully updated with the latest (May 2021) official Windows Updates provided by Microsoft.
We welcome all interested organizations with Windows 10 v1803/v1809 to contact email@example.com for information about pricing, deployment, or setting up a trial. If you happen to be using a large number of v1909 versions in your environment, also let us know as given sufficient demand we will security-adopt those too.
Addressing The Security Update Gap
Our security-adoption of an unsupported Windows 10 version is an important milestone on our journey towards addressing the "security update gap" on supported Windows versions, which aims to allow organizations to protect themselves with our micropatches while thoroughly testing monthly Windows Updates before deploying them. And eventually even skipping one or two monthly updates under our protection.
To learn more about 0patch, please visit our Help Center.