Share via

Windows Server 2008R2, WSUS Still Pulling Patches? June 2024

Christopher Torrance 0 Reputation points
2024-06-14T10:24:30.44+00:00

Every Patch Tuesday I synchronize my environment's WSUS server and begin to approve patches for our servers. The last few months I have still been seeing patches being made available for 2008R2 eg. KB5039274, are these real security patches? As far as I was aware there were 4 years of ESU made available but NOT a 5th? Assume there may be some very large customers with 5/6 figure server estates that may have been offered a 5th year under the table but is there any reason its being made available to everyone's WSUS? if no one can install them, why even bother? FYI - I am aware there are caveats for ESU with regards to Servers in WSUS (Azure VMs or Arc Connected), I am referring to isolated on premise servers only.

Windows for business | Windows Server | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 50,895 Reputation points MVP Volunteer Moderator
    2024-06-14T11:58:32.3+00:00

    They are - but to install them, the target WS 2008 R2 servers would need to reside in Azure. Attempting to deploy these patches to your on-premises servers will fail.

    Details are available at https://learn.microsoft.com/en-us/windows-server/get-started/extended-security-updates-overview

    Btw. note that Azure Arc-based support is no longer available for WS 2008 R2 (it is for WS 2012/2012 R2)

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments
  2. Anonymous
    2024-06-18T02:57:01.68+00:00

    Hello,

    The availability of security patches for Windows Server 2008 R2 after the end of extended support depends on the customer’s eligibility for Extended Security Updates (ESU) and the licensing agreement they have with Microsoft. By default, Windows Server 2008 R2 does not receive security updates after the end of its extended support period.

    However, Microsoft may offer additional support in the form of ESU to customers who meet specific criteria, such as having an active software assurance or subscription agreement. These customers can purchase ESU to continue receiving security updates for a limited period of time beyond the end of extended support.

    It’s possible that the patches you are seeing in your WSUS server for Windows Server 2008 R2 are related to ESU. Microsoft may make these updates available through WSUS to ensure that customers who are eligible for ESU can easily access and deploy them.

    As for the reason to make these patches available even if they cannot be installed on all servers, it could be for several reasons:

    Compliance: Some organizations may have compliance requirements that necessitate tracking and reporting on all available updates, even if they cannot be installed on certain systems.

    Visibility: Making patches available in WSUS ensures that administrators are aware of the updates and have the option to manage them if they are relevant to their environment.

    Future migrations: Keeping these patches available helps organizations in their transition plans to newer supported versions of Windows Server. It allows them to identify and track what updates are needed as they migrate their server infrastructure.

    Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.