Tuesday, August 8, 2023

Three More Years of Critical Security Patches for Windows Server 2012 and Windows Server 2012 R2

Can't upgrade your Windows Server 2012 to a newer windows server? No problem.


As an on-premises Windows Server 2012 user, you probably know that Microsoft plans to end its support this October. This means no more Windows updates, including security fixes, and the chilling prospect of your servers becoming progressively vulnerable as new security issues are inevitably going to be discovered.

If you're lucky enough to be an "eligible customer with Software Assurance under an Enterprise Agreement", you will be able to purchase up to 3 years of Extended Security Updates (ESU) from Microsoft for an annual cost equal to "100% of full license price annually".

Those of you who aren't eligible or have other reasons not to purchase ESU, but want to keep using your servers securely - we have good news for you!

Remember Windows Server 2008 R2 going out of support more than three years ago? Well, we security-adopted it and have thousands of customers still running this server securely with our security patches today. Meanwhile, the three-year ESU period for Server 2008 has already ended for on-premises servers, and we committed to continuing our support for at least two more years.

Now we'll do the same for Windows Server 2012 and Windows Server 2012 R2, starting with three years of critical security patches that will last until October 2026. In contrast to Windows Server 2008 where we only security-adopted the R2 version, we're seeing a sufficient interest in non-R2 version of Server 2012 to add it to the list of our security-adopted products.

If you're new to 0patch and our security patches, we have a lot of information in our Help Center but here's a quick overview:

  • 0patch provides critical security patches for vulnerabilities that are likely to be exploited.
  • Our tiny patches (usually just a few CPU instructions) get applied in memory of running processes; we don't change original executable files.
  • Patches get applied and un-applied instantly, without restarting the computer.
  • Apart from critical security patches for vulnerabilities Microsoft will patch on still-supported Windows versions, you will also get our "0day" patches for vulnerabilities that don't yet have official security patches.
  • 0patch Central allows for central management of all 0patch Agents.
  • 0patch costs a fraction of the cost of Extended Security Updates. (Consider Pro plan for a single server, and Enterprise plan for multiple servers with central management.)


To use 0patch on Windows Server 2012 after October 2023, you will need to:

  1. Create a 0patch account if you don't have one yet.
  2. Install 0patch Agent on the server and register it to your 0patch account. (See 0patch Agent user manual for instructions on silent deployment and auto-registration in selected group.)
  3. Install October 2023 cumulative Windows Update for Windows Server 2012 as soon as possible. (Our patches will be targeting these exact versions of Windows executables. 0patch Agent will work without this update but our patches for EXEs and DLLs modified by October 2023 Windows Update will only work on these latest versions.)
  4. Make sure to have a suitable number of licenses in your 0patch account: each computer with a registered 0patch Agent needs one license.


October is getting close - start testing 0patch in your environment now to iron out the wrinkles without too much rush. To start a free trial, create a free account in 0patch Central, then let us know at sales@0patch.com which email you used for that so we can issue a couple of trial licenses to your account.


Frequently Asked Questions

Q: How long do you plan to provide critical security patches for Windows Server 2012 after October 2023?

A: For at least three more years - until October 2026. Depending on the demand, we'll consider an extension.

Q: How many vulnerabilities have you patched for Windows Server 2008 R2 and Windows 7 since January 2020?

A: Since January 2020 when we "security-adopted" Windows 7 and Windows Server 2008 R2, we have issued patches for 67 critical security issues on these systems that were at high risk of being exploited. Many of them were later actually confirmed to be exploited in the wild and even more of them became part of various exploit kits that even a low-budget attacker could easily use against unpatched systems.

Q: Are your micropatches actual code patches or "virtual patches"?

A: Our patches are actual code patches; we add a couple of CPU instructions to the original (vulnerable) executable code to remove the vulnerability. Such patches cannot be bypassed, which literally any other exploit protection mechanisms - including virtual patches - can be.

Q: Will we be able to continue using Microsoft Edge securely on Windows Server 2012 after October 2023?

A: We have also security-adopted Microsoft Edge in January 2023, so you'll be able to keep using Edge securely even though it won't get updated by Microsoft anymore. We're also still providing security patches for Internet Explorer, which is still effectively part of the operating system.

Q: We'd like to see a demo.

A: Send an email to sales@0patch.com and provide your company name and time zone so we can suggest a couple of dates for the demo. 

Q: We'd like to set up a trial.

A: Create a free account in 0patch Central, then let us know at sales@0patch.com which email you used for that so we can issue a couple of trial licenses to your account.

Q: We have more questions about 0patch.

A: Our Help Center has a lot of answers but if you can't find yours there, feel free to contact us at sales@0patch.com.

1 comment:

  1. Yep. I'm going with 0patch for my 3 2012R2 servers! They need to hang around for 1-2years. You guys rock.