Microsoft Silently Kills Windows 7 Security Updates on Older PCs

Microsoft Silently Kills Windows 7 Security Updates on Older PCs

The verbiage is simple, clear, and easy to understand. On January 14, 2020, Windows 7 will exit extended support. After that date, it will receive no security patches or updates of any kind. That date is listed on Microsoft’s “Windows lifecycle fact sheet.” And apparently, it isn’t worth the screen it’s printed on. If your PC doesn’t support SSE2 — the SIMD instruction set introduced by Intel with the Pentium 4 and by AMD with its Athlon 64 processors — Windows 7 will no longer update or patch properly on your machine. And Microsoft is attempting to make an end-run around its own customers by stealthily changing the verbiage in its own KB articles, in the hopes that users won’t notice.

Microsoft Silently Kills Windows 7 Security Updates on Older PCs

Back in March, Microsoft published a cumulative set of Windows 7 patches, KB4088875, even though it knew the update had a major flaw: It couldn’t install on any system that didn’t support at least SSE2, as ComputerWorld reports. The same update also broke networking support in several different ways, which may explain why we didn’t hear more about the SSE2 issue at the time, though not many people have non-SSE2 systems at this point. These problems weren’t resolved in a timely fashion — they persisted through March, April, and May. Throughout this time period, Microsoft’s guidance remained that it was aware of the problem and working on a solution, as shown in the image below.

KB4088875 – March 13 original text. From Wayback Machine.
KB4088875 – March 13 original text. From Wayback Machine.

This guidance was carried forward as the bug continued to plague systems without SSE2 support. For example, in a separate KB article — KB4284826, published June 12 — Microsoft again stated that it was working on a resolution and would resolve the problem.

KB4284826 – June 12 original text. From the Wayback Machine.
KB4284826 – June 12 original text. From the Wayback Machine.

Both of these guidances are now only available on the Internet Archive. The more recent article, KB4284826 has been updated to remove any mention of the SSE2 bug at all. Meanwhile, if you visit the KB4088875 page today, here’s what you’ll see under the “Resolution” column:

KB4088875 – New text.
KB4088875 – New text.

“Upgrade your machines with a processor that supports SSE2 or virtualize those machines.”

A Matter of Principle

There are two ways to look at this situation. On the one hand, there are very, very few people still banging around the internet on a Pentium III class processor. The fastest P3 ever built — the Tualatin core — topped out at 1.4GHz. A dual-socket Tualatin server system that allowed for overclocking (if any such motherboard or workaround ever existed) would still be stuck at a fraction of modern CPU performance. You’d get better results out of a modern phone.

But as Computerworld notes, there are still people running Windows 7 on old P3 systems, even if there aren’t very many. And more to the point, there’s no asterisk in Microsoft’s life cycle guidance. There’s no dividing line that states that some Windows 7 customers will continue to receive support while others won’t. And it’s just the latest example of how the company has been trying to shed its obligation to support its own operating systems every single way it can.

Over the last few years, Microsoft has declared that later-model Intel and AMD CPUs would not be supported in any OS except for Windows 10. It recently announced it would no longer provide support to various forums devoted to, among other MS products, Windows 7 and 8.1.

It goes without saying that there are 10,000 reasons to upgrade from an ancient Pentium III or original Athlon system to something that can run SSE2, an SIMD instruction set that’s nearly old enough to drink. This is scarcely an impassioned defense of computing on a nearly twenty year-old CPU. But there’s also good reason for Microsoft to be consistent in its product messaging and marketing. Telling people that you’ll support a product with security updates until January 14 2020 means supporting the product with security updates until January 14, 2020.

If Microsoft wants to change that guidance, it’s welcome to do so. It can kill Windows 7 tomorrow if it feels like it, and wants to deal with the inevitable lawsuits that will follow. So how about some guts, Redmond? After all, if this change doesn’t impact anyone, it won’t actually matter to announce it, right?

Right. Which is why the company handled the issue by stealth-changing its KB article messaging and hoping nobody noticed.

Continue reading

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.

Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon

Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.

Apple Urges Immediate iPhone Update to Block Active Online Hacks
Apple Urges Immediate iPhone Update to Block Active Online Hacks

There's a new version of Apple's iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging for iOS 14.4 comes with a little more urgency.

Samsung Promises to Update Its Android Phones Even Longer Than Google
Samsung Promises to Update Its Android Phones Even Longer Than Google

Smartphone updates have been a mess for as long as the modern smartphone has existed, but Samsung just took a big step in the right direction: The company has decided to extend security update support to a full four years.