Windows 10 will be covered by 0patch, a third-party paid patching service

So I learned something new today: there are companies other than Microsoft that provide security patches for Windows. I never even considered this could be a thing, but it turns out that a paid service called 0patch seems to have been around for a long time, and the consensus seems to be that not only can it be trusted, it also sometimes provides patches sooner than Microsoft does. Today, 0patch announced it’ll also be providing this service for Windows 10 after the end of support next year.

With October 2025, 0patch will “security-adopt” Windows 10 v22H2, and provide critical security patches for it for at least 5 more years – even longer if there’s demand on the market.

We’re the only provider of unofficial security patches for Windows (“virtual patches” are not really patches), and we have done this many times before: after security-adopting Windows 7 and Windows Server 2008 in January 2020, we took care of 6 versions of Windows 10 as their official support ended, security-adopted Windows 11 v21H2 to keep users who got stuck there secure, took care of Windows Server 2012 in October 2023 and adopted two popular Office versions – 2010 and 2013 – when they got abandoned by Microsoft. We’re still providing security patches for all of these.

Mitja Kolsek on the 0patch blog

This service implements patching through what it calls “micropatches”, which are very small sets of CPU instructions injected into running code in memory without modifying – in this case – Microsoft’s own code. These micropatches are applied by briefly stopping the offending program, injecting the fix, and continuing the program – without having to close the program or reboot. Of course, they can be unapplied in the same, non-disruptive way. The 0patch service will provide patches for 0days that Microsoft hasn’t fixed yet, patches for issues Microsoft won’t fix, and sometimes patches for third-party code.

As the headline clearly states, this service isn’t free, but honestly, at roughly 25 dollars plus tax per computer per year, it’s not exactly expensive, and definitely cheaper than the Windows 10 Extended Security Update program Microsoft is going to offer after the end-of-support date next year. As for who is providing this service: it comes from ACROS Security, a small company out of Slovenia. The company details its micropatches on its 0patch blog if you want more information on how each individual one works.

I still don’t know exactly what to make of this, and I definitely wouldn’t rely on something like this for mission-critical Windows computers or servers, but for something like a home PC that can’t be upgraded to Windows 11 but still works just fine, or perhaps some disposable virtual machines you’re using, this might be a good stopgap solution until you can upgrade to a better operating system, like Linux or one of the BSDs. Are there any people in the OSAlert audience who’ve used 0patch, or perhaps a service similar to it?
