Windows 7 was discontinued in January this year, and this means that computers still running this operating-system aren't provided with new security patches and updates.

So theoretically, not receiving any updates means all of the vulnerabilities which are discovered within the operating-system remain with no fix, and this obviously means a heightened probability of issues going forward.

The only method to receive security updates at this time is to pay for them, as Microsoft has launched the Extended Security Update (ESU) program to permit companies that need more time for you to upgrade their fleets to keep all devices secure before the migration is finished.

According to Microsoft's policy, the cost of custom security patches is increasing every year, and now Windows 7 is getting prepared to enter the second year of extended security updates.

"If your business has been unable to update devices running the versions of Windows listed above to a currently supported version before January 12, 2021, ESU can offer security updates to people devices through January 11, 2022-helping protect those devices when you complete your Windows and Windows Server upgrade projects," Microsoft explains in an advisory.

"Many organizations have made the transition towards the new edition of Windows 10 or Windows Server. Those who deployed Windows 10 take advantage of strong protection against threats plus the most recent security and manageability features such as Microsoft Defender Antivirus, richer device management policies, and Windows Autopilot. Other organizations running legacy applications shifted their Windows 7 devices to Windows Virtual Desktop, including ESU for Windows 7 virtual desktops at no additional cost, enabling you to continue running critical line-of-business apps when you continue your migration to Windows 10. Like a last resort, however, a number of organizations purchased, installed, and activated their newbie of ESU to receive security updates for eligible devices through January 12, 2021."

In theory, extended security updates are specifically supposed to give companies additional time to move to a supported Windows version, so since January, some of the people who have been still running Windows 7 are meant to have finished the switch to Windows 8.1 or Windows 10.

If they haven't, then the recommended step would be to get one extra year of security updates as part of the ESU program for that computers that are still running Windows 7.

Necessary for know is you can't just buy the second-year of Windows 7 security updates if you weren't already spending money on the very first year. This means that whenever reaching out to Microsoft being part of the program, if you're not already enrolled in the ESU, you need to pay for both the first and the second many years of updates.

"Because ESU are available separate SKUs for each of the years in which they are offered (2020, 2021, and 2022)-and because ESU are only able to be bought in specific 12-month periods-you will have to purchase the second year of ESU coverage separately and activate a brand new key on each applicable device in order for your devices to continue receiving security updates in 2021. If your organization did not buy the first year of ESU coverage, you will have to purchase both Year 1 and Year 2 ESU for your applicable Windows 7 or Windows Server devices before installing and activating the Year 2 MAK keys to receive updates," Microsoft explains.

The policy applies not only to Windows 7 Service Pack 1 but also to Windows 7 Professional for Embedded Systems, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems.