If you have been living in the Microsoft .NET ecosystem as long as we have, you eagerly wait for the second Tuesday of each month for Microsoft’s monthly scheduled update release that covers nearly all of their products and services. Microsoft’s “Patch Tuesday” is almost a monthly holiday event. The Patch Tuesday release on February 11, 2020, was bigger than usual and held a few surprises. Here is an overview.
What Microsoft Products and Services Are Affected By This Security Update?
Sometimes the releases are small, with only a few software products impacted. Other times a lot of software is updated, but it is small stuff. If you follow our blog posts (and why wouldn’t you?), then you know we almost never write blog posts to cover them because … well, it’s normal stuff. But the February 2020 Patch Tuesday release covered a LOT of products with deep and meaningful updates. It even included updates to Windows 7 which — we had been assured — would NOT happen.
Here is a list of all of the software that was updated in meaningful ways:
- Microsoft Windows (all versions)
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- ChakraCore (a JavaScript fork for Edge Browsers)
- Internet Explorer
- Microsoft Exchange Server
- Microsoft SQL Server
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Malicious Software Removal Tool
- Windows Surface Hub
As you can see, these updates affected major Operating Systems (Oss), software apps, databases, and hardware. It is one of the largest updates in scope we’ve seen in a long time. If you are running any of these products, you should review the update details, prepare your tech stack, and update as soon as possible. That said, there are a few things that jumped out to us that deserve special attention.
Windows 7
We were pleasantly — and curiously — surprised that Microsoft included updates for Windows 7. But these updates come at a price.
In case you haven’t been paying attention, the prevalence of active Windows 7 installs running on public, internet-facing servers and computers was still huge at the end of 2019. Officially, Microsoft ended support for Windows 7 on January 14th of this year. But there was a problem … fully 30% of ALL Windows-based machines in existence were still running Windows 7! Everyone thought that number would drop a LOT last year because Microsoft ran a promotion to get all those old install updates by offering ways to get free, upgraded licensed versions of the latest version (Windows 10) at no cost.
A lot of computers were upgraded with that free promo, but not nearly enough. The fear of unsupported computing units had a bigger impact. There are reports that January 2020 was the #1 upgrade month in Windows history as more than 13% of those old Windows 7 boxes made the jump (4.5% of all Windows boxes). But that also means that more than 25% of all Windows computers stubbornly resisted.
No one wins — especially Microsoft — if news breaks that a few million Windows-based computers become compromised. But Microsoft also has to move on and cannot support the ELEVEN-YEAR-OLD operating systems forever. So Microsoft created a paid, enhanced support option for Windows 7 machines. And the patch Tuesday release of February 11th has updates that you can access IF you have paid for the continued security support.*
If Windows 7 were a person, it would be entering its rebellious teenage years — and no one wants to go through that again. We’ve got to say folks … Microsoft is bending over backward here. There is no justifiable reason that your mission-critical apps and websites should be running on a Windows 7 installation. If you are stuck and need help — or even just some advice on what your company needs to do – give us a call.
Windows 10
The Windows 10 updates were cumulative. That means that the current February 2020 update included all Windows 10 updates, including non-security-related updates and fixes. So, if you haven’t updated your Windows 10 install in a few months you should get caught up now … right now.
Summary
For us, security is job #1. It continues to be our strong advice that ALL of your software and operating systems should be kept up to date to the latest versions. We understand that conflict issues, workflow, and — in the case of long out-of-date OSs — financial concerns can make a business or IT manage reticent to keep up with updates. But the risks of not updating software — in our opinion — FAR outweigh the marginal costs. If you want to discuss your situation or learn about the risk, just give us a call. We are always happy to help.
* Microsoft’s paid continuing security support service covers Windows 7, Windows Server 2008, and Windows Server 2009 R2. You can get additional information about this program using the link below.
Additional Links and References
Learn about Microsoft’s paid continuing support for Windows 7 here:
https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-receiving-security-updates
The number of Windows 7 computers at the end of January 2020 as reported here:
https://www.computerworld.com/article/3199373/windows-by-the-numbers-windows-10-spikes-windows-7-dives.html
You can get a complete listing of all the updates, fixes, and changes in the official security update notes from February 2020 here, along with additional KB info:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb