The November 2021 Patch Tuesday updates from Microsoft and Adobe are out.
Microsoft documented 34 different bugs that were worrisome enough to get CVE numbers, while Adobe listed three (the Adobe products with bugs of CVE-level seriousness are RoboHelp Server, InCopy and Creative Cloud, in case you were wondering).
You can read up on the details of this month’s Microsoft’s patches on our sister site Sophos News…
…where you will find our observation that:
The [updates include] a critical patch to the Windows Servicing Stack, which is how Windows delivers and installs updates, especially to machines that are running versions of Windows no longer receiving regular support. That’s especially important this month, because several of the updates have been released for systems as out-of-date as Windows 7, which as of today is 665 days past its official end of life on January 14, 2020.
In case you’re wondering, this isn’t one of those “this security hole is so terrible that we are even providing free patches for long-gone products like XP and friends” announcements that happen from time to time.
You need to be part of the Windows 7 Extended Support Updates (ESU) programme to get this particular update – and, yes, enrolling for extended support costs extended money.
Extended Support Updates update
Interestingly, however, just before this Patch Tuesday, Microsoft updated its Windows 7 Extended Support Update advice, and if you were secretly hoping that you would be able to buy some extended time for your extended updates, you might be disappointed (our emphasis below):
Update 2021.11.05: For Windows 7 SP1 and Windows 7 Professional for Embedded Systems, the Extended Security Update (ESU) Program will be entering its third and final year of extended support beginning on February 8, 2022 and ending on January 10, 2023.
For Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems if running on Microsoft Azure, ESU will have one additional year of extended support available beginning on February 14, 2023, ending on January 9, 2024.
Just so you know
So, Windows Server 2008 will, for the right money, fight on for another year, giving you just over two years from now to upgrade to a modern version of Microsoft’s server operating system.
(Or two years switch to another platform, such as Linux or one of the BSDs, but we’re not sure how many sysadmins will want – or would be allowed, even if they wanted – to do so.)
But Windows 7 is definitely done for in just over a year’s time.
We know that some people are determined to stick with it, for a range of reasons, usually including two or more of the following: [1] I can run it on older computers [2] I’ve finally customised it the way I want, [3] leave my Start Menu alone, and [4] security updates are over-rated as long as you’re careful.
But the overtime clock really is ticking, and it really is ticking down for good, with no double overtime in sight, neither for love nor for money.
We’re convinced that if there were still any chance of Microsoft relenting and adding extended extended support, even if it meant paying extra extra fees, the company wouldn’t have committed publicly to extending support for Server 2008 in the same message that it committed publicly to not extending support for Windows 7.
Just so you know!
Laurence Marks
” [3] leave my Start Menu alone”
This is the funny one. There was (and is) a huge resistance to Windows 10 over this and it’s such a simple thing to learn. And it’s not much more difficult to use.
But what’s really funny about it is that Microsoft began development on this for Windows Phone (where tiles make sense) and dictated that it would be used across the product line for uniformity.
But by the time Windows 10 was ready to ship, Windows Phone had already been cancelled.
The funny part is that no one at Microsoft had the backbone to say “Let’s go back to the old menu since there’s no phone.”
(One of these days someone at Sophos will figure out how to set up WordPress so that these comments accept newlines.)
Paul Ducklin
FTFY :-)
(I just put in two consecutive newlines, produces a paragraph break, Let me know if you want the paragraph gaps changed!)
Rhonda C
If I had known Windows 7 was still available I could have saved myself 2 years of agony, anger, and frustration. I thought I read the date of death for Windows 7 was about 2 years ago. Now I’m really angry knowing that all this time I could have been using the best OS that MS created, Windows 7. Windows 10 expects me to be an IT person. I am one person at home with no need for all the fancy crap and when I attempt to find a website to fix a problem, there are several websites BUT one must be aware that you choose the correct one, not from 2017.
MS downloaded Windows 10 on my old computer and I believe all of my Windows 7 has been saved, and if I can go back and download 7 that’s just what I’m going to do.
Paul Ducklin
Hmmm. Windows 7 still *runs* (it has no shutoff switch that I know of), but it’s no longer available to purchase afresh, and it’s no *supported* (notably, it doesn’t get security patches) unless you pay extra. As the article says, “You need to be part of the Windows 7 Extended Support Updates (ESU) programme to get this particular update – and, yes, enrolling for extended support costs extended money.”
Personally, I found Windows 10 to be the first version of Windows I would have been happy to adopt if I were required to use Windows for my everyday computing. And Windows 11 is like Windows 10, only slightly nicer to look at. I never really liked XP, bit too 1999 for me, and Windows 7 was just more of the same. Maybe I am unusual but this “modern” flat look to everything – a little breath of colourful digital Bauhaus, is how I think of it – is IMO a vast improvement on the gaudy faux-3D user interface visuals of earlier version of Windows. But that’s just me, I guess :-)
Dude Sweet
And to further Paul’s emphasis on paying for 7’s Extended Support- it’s only available to government, education, and enterprise customers. And it costs A LOT. (well, “a lot” is certainly relevant, but it’s certainly true if you’re not one of those types of customers).
Windows 7 should be considered DEAD for all intents and purposes if you are not a large organization.
John Knops
Rhonda has made a good point. There are thousands of us who use computers for mundane tasks with mundane programs we bought many years ago which work just fine for our needs. The new operating systems are for the techies out there and the gamers who need fancy things to beat someone else ina time consuming game. Yes, corporate users need it also because IT depart,ents must buy the latest and spend money to justify their existence. I go to a chain hardware store in Canada and their point of sale terminal (aka cash register) still runs a COBOL program from the last century. It works just fine for them. So, too with me. I wok with a Mac Mini and I had spent thousands with Apple buying programs especially Aperture which was $400 purchase and I got used to it and then lo and behold Apple decides that 32 bits isn’t something they want to continue with and out comes Big Sur and my investment is shot. I have to learn Photos which didn’t translate all my Aperture photos correctly. The came Monterey which totally crashed my system. I was smart and backed up everything in Big Sur. But now I have a project for my Aperture and iPhoto and of course neither Big Sur, nor Aperture works what I need so I erased and loaded the last useful OS, Mojave. But can I restore from my full Back Up. Hell no. Apple says “you backed up with a different OS and we went and reformatted the disc before backing up which simply means Mojave works with a tarnished old useless file system and won’t read your Time Machine and too bad for you”. Yes, I also have a laptop running Windows 10 sort of. At least Microsoft lets me use my old programs, like Word Perfect 8, from days long ago.
Why can’t either of the Big Boys develop two systems one for the home users who don’t need bells, whistles, notifications, reminders and a Lamborghini. Call it Windows At Home or Big Sur at the Beach House for us and the bells, whistles, with full 7.1 sound London Symphony for other users who want it, know how to use it and have the money to buy programs suitable for The Lamborghini. After all MS does it, or used to, with their “useful packages” for Home, School, and Office.
If the older operating systems are no longer “supported” isn’t Sophos there to protect us and keep us secure?
Paul Ducklin
Yes, our software generally runs on retired opertating systems even after they go out of support – for as long as we feel comfortable doing so – but no one can safely support ancient OSes any more if the vendor itself won’t, because it’s impossible to get support to support your own software properly :-(
As for the Time Machine issue, I’ve only ever made passing use of Time Machine (as execellent and as easy-to-use as it generally seems to be), mainly for the reasons that you say: it’s not a very generic form of archive. (Notably, yoiu can only reliably access the data with specific Apple hardware and software.) I usually just archive my macOS data into encrypted files (e.g. tarballs enrcypted with GPG) stored on a removable drive formatted under a widely-supported filing system such as ExtFAT. Admittedly, any files that are specific to Apple apps, e.g. Keynote presentations, might require a specific macOS version anyway, but I try to keep as many files as I can in neutral or open file formats, which is why I compose all my Naked Security articles in a text editor (I currently use Visual Studio Code) and save them as plain TXT files in UTF-8 format, export my presentations as PNG images as well as keeping the Keynote files, export any iMovie content as plain MOV or MKV files, and so on.
I *think* you may be able to get out of your Time Machine bind as follows, but unless you have a second Mac handy it might involve quite a lengthy dance:
1. Install Big Sur and restore the backup, which almost certainly exists as files on an APFS volume, the new sort of Apple disk format that replaced HFS+, which I think Apple’s utilities refer to “Mac OS Extended (Journaled)”.
2. Prepare a blank backup drive by hand using Disk Utility, and forcily choose to format it as “Mac OS Extended (Journaled)”. (Don’t re-use the drive that contains the backup you already have! Use a different drive! If this method fails, you will then at least have a backup you can restore *somewhere*.)
3. Backup your data to the pre-formatted disk. Don’t let Time Machine “upgrade” the disk by reformatting it using APFS.
If you can do this, the HFS+ backup volume ought to be restorable on a much wider range of OS X and macOS versions.
I haven’t tried this, so it’s just an educated guess, but I suspect that most older Mac versions – ones that don’t support APFS – will then be able to read back the files, assuming that the Time Machine utilities are compatible. Having said that, I might be wrong about why you can’t restore it, because Mojave (as far as I know) should support APFS… but if”incompatible filesystem” is your problem, then deliberately using an older, albeit no longer preferred, filesystem seems like a good think to try.
If all else fails, you may need to restore the backup to a Big Sur system and transfer the files some other way, for example over a network cable from a trusted friend’s computer (running an OS that can restore them) to your Mac (that can store them). A wired network (even a decent, modern Wi-Fi network) dedicated to backup should be about the same speed, or perhaps even faster than, a typical USB drive, unless it’s an SSD drive with no moving parts.
KGHN
I still need my Win7-32 daily driver; Microsoft no longer supports my business’ custom 16-bit FoxPro 2.6 for DOS bookkeeping application (a Microsoft product language BTW) under newer Windows releases. I’m slated to experiment with WINE under some Linux flavor as soon as schedule permits (has been pending for a couple of years, no break in other work). Printer use, drive letters, and shortcut keys are troublesome. DOSBOX would not support XyWrite III+’s key combinations when I tried it. Suggestions, anyone?
Paul Ducklin
FreeDOS in a VM? (It boots so fast you think it’s broken at first :-)
From freedos.net: FreeDOS is an open source DOS-compatible operating system that you can use to play classic DOS games, *run legacy business software* [my emphasis], or develop embedded systems. Any program that works on MS-DOS should also run on FreeDOS.
Dude Sweet
The bigger problem is that your business is relying on a 16-bit application for something as commonplace as bookkeeping. Something like that is usually indicative of deeper organizational issues. I’d NOPE my way out of there.
Rhonda
Thanks, Paull
This is what I found out. Windows 7 is receiving updated support only if you are a business. This link may be of some help. They are not Microsoft, but as was explained to me, partners with Microsoft.
https://blog.bemopro.com/cybersecurity-blog/how-can-i-get-windows-7-extended-security-updates-2021
Rhonda
Dude Sweet
Windows 7 ESU is a program generally only available to large organizations such as governments, schools, and enterprises. It’s not even feasible for most small or medium businesses. It’s purpose is to allow extra time for these types of orgs to update legacy applications and computers that run processes critical to the organization, since these types of things sometimes require months or years to implement.