Michael C

<div>
Seems this is a trend on software world that all subscription / update will be by yearly paid... It is fair if the product is still popular and more effort for improving the security and bug... but we have to change our boss mind set for paying more money on it..
</div>


<div>
This has nothing to do with software subscriptions. &nbsp;WS2K8R2 came out in October 22, 2009 and Microsoft gave you updates for more than the 10 years that they wadi they would <br />
Software Assurance is a form of subscription this gives you access to all current and most older operating systems &nbsp;or action Pack ($500USD/year) <br />
<br />
Microsoft has decided to be nice and give you 3 more years but with a price<br />
$50/$100/$200 for extended support past end of life.
</div>


<div>
<div class="content wysiwyg-content fr-view">
Hi expert<br><br>I have a Windows 2008 R2 server, and would like to apply the patch for fixing CVE-2020-1472 zero net-logon vulnerability. However, it said it requires ESU license to get the patch.<br><br>Is it true? because I learn that Microsoft will free for offering some extremely high vulnerability for the EOL OS.<br><br><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472" rel="ugc">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472</a><br><a href="https://www.catalog.update.microsoft.com/Search.aspx?q=KB4601363" rel="ugc">https://www.catalog.update.microsoft.com/Search.aspx?q=KB4601363</a><br><a href="https://support.microsoft.com/en-us/topic/february-9-2021-kb4601363-security-only-update-a37e890f-974f-7bdb-2664-b627e9436b06" rel="ugc">https://support.microsoft.com/en-us/topic/february-9-2021-kb4601363-security-only-update-a37e890f-974f-7bdb-2664-b627e9436b06</a><br><br>Thanks, M<br><br>
</div>
</div>



Hi expert
I have a Windows 2008 R2 server, and would like to apply the patch for fixing CVE-2020-1472 zero net-logon vulnerability. However, it said it requires ESU license to get the patch.
Is it true? because I learn that Microsoft will free for offering some extremely high vulnerability for the EOL OS.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4601363
https://support.microsoft.com/en-us/topic/february-9-2021-kb4601363-security-only-update-a37e890f-974f-7bdb-2664-b627e9436b06
Thanks, M

CVE-2020-1472 on Windows 2008 R2

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.