The recent WannaCry ransomware attack demonstrates the importance of automatic security updates. No matter how careful you are, malware could exploit a security hole over the network and gain control of your system—unless you install security patches.
But Microsoft doesn’t support every version of Windows forever, and there are different types of support. For example, Windows 7 is no longer receiving “mainstream support”, but is receiving “extended support”—what does that mean?
What’s the Difference Between Mainstream Support and Extended Support?
There are two main levels of support: Mainstream support and extended support. When a Windows operating system is first released, Microsoft provides mainstream support for five years. The operating system will receive security updates, free support via telephone or web chat, and bug fixes that aren’t security related.
After leaving mainstream support, the operating system transitions to extended support for another five years. The operating system will still receive security updates, but you’ll have to pay if you want telephone or web chat support from Microsoft. Businesses can pay for “Extended Hotfix Support” to request fixes for bugs that aren’t related to security.
Both mainstream support and extended support include free security updates. So, while Windows 7 is currently in its extended support period, there’s nothing to worry about in terms of security—it will continue receiving free security updates until the support period ends. You just need to make sure you enable updates, or you won’t get the security fixes you need, and may be vulnerable to new attacks like WannaCry.
You Must Have the Latest Service Pack (or Update)
While security updates are provided through the mainstream and extended support periods that last for a total of ten years, you have to be running the latest service pack or version of the operating system to stay eligible. But you don’t have to rush to update.
Microsoft gives you 24 months to install a service pack or free update, during which time it continues updating both the old version and new version. So, when Windows 7’s Service Pack 1 came out, Microsoft updated both the original release and Service Pack 1 versions of Windows 7 with security updates for two years. After that point, the original release of Windows 7 stopped receiving security updates. Windows 7 is still receiving security updates today, but only if you install Service Pack 1.
To continue receiving security updates for Windows 10, you must install major updates like the Creators Update. Microsoft won’t continue updating every release of Windows 10 forever. Each individual update—like the November Update, Anniversary Update, and Creators Update—will keep receiving security updates for two years. That way, businesses that are holding back should have plenty of time to upgrade.
What Happens After Mainstream and Extended Support?
For most people, after the ten year period of mainstream and extended support ends, that’s it. You won’t receive any security updates for your version of Windows.
However, there are some ways around this. Microsoft offers “custom support relationships” to organizations that are still running outdated versions of Windows, and it creates and releases security updates for them. There are still organizations paying for Windows XP security patches, and Microsoft is still creating them. However, you can’t get them as a normal Windows user. You can only get them if you’re an organization prepared to shell out a large amount of money. Microsoft’s long-term goal is to encourage these organizations to upgrade and leave Windows XP behind.
Microsoft will also sometimes release security updates to the general public for particularly bad security holes. This happens very rarely, isn’t guaranteed, and the security updates may only be released after the brunt of the attack. For example, Microsoft released security updates that patch the hole abused by the WannaCry malware for Windows XP, Windows 8, and Windows Server 2003, which are no longer officially supported.
This isn’t something to count on. Microsoft only released these patches after the malware ran wild and exploited the bug. People who were running a supported version of Windows and installing the latest security updates—a security patch was released to fix the hole in March, nearly two months before the attack—were protected when the attack occurred, not afterwards.
When Will Microsoft End Support for Windows 7, 8, and 10?
Microsoft always lays out the exact dates when it will end support for a version of Windows in the Windows lifecycle fact sheet, available on Microsoft’s website. Here’s what it says:
- Windows 7 is supported with security updates until the end of extended support on January 14, 2020. You must have Service Pack 1 installed to get updates.
- Windows 8.1 is supported with security updates until the end of extended support on January 10, 2023. You must have updated to Windows 8.1 to get updates—the original version of Windows 8 isn’t supported with updates anymore.
- Windows 10 is supported with security updates until October 14, 2025. You must have the latest update to Windows 10 installed to keep receiving updates until 2025. (That’s the Creators Update, right now.)
Microsoft could extend these dates if they want—and they sometimes do—but these are the dates they’re officially committed to at the moment. Microsoft won’t end support before these dates.
Older versions of Windows are no longer in extended support. and no longer receive security updates. Windows Vista’s extended support period ended on April 11, 2017, more than ten years after it was first released. Windows XP’s extended support period ended on April 8, 2014, twelve and a half years after it was first released. While Microsoft may occasionally toss these outdated operating systems a security patch, they’re no longer safe to use.