Bypass Windows 7 Extended Security Updates Eligibility

Discussion in 'Windows 7' started by abbodi1406, Nov 17, 2019.

  1. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    Bypass is still needed, we are beyond ESU now.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cynix01

    cynix01 MDL Novice

    Jan 17, 2020
    15
    29
    0
    Latest 2 updates for September installed via Windows update with no problems.

    2025-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5065468)
    2025-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 for x64 (KB5065958)
     
  3. John_3_16

    John_3_16 MDL Senior Member

    Feb 8, 2020
    253
    343
    10
    #8803 John_3_16, Sep 10, 2025
    Last edited: Sep 11, 2025

    Latest SSU is still from April 2025 KB5056456
    2025-09 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5065510)
    2025-09 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB5065750)
    2025-09 Cumulative Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based systems (KB5065435)
    All that was required for my Acer laptop this month.

    All have been successfully installed manually with 2 system restarts. Restarted WU. Shows no new updates available. One more month closer to full Linux changeover. ;>)) 4 monthly updates left.​
     
  4. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    Activating Client-ESU-Year6 is actually enough to install the updates manually (including .NET 4.x)
     
  5. Filipe Tolhuizen

    Filipe Tolhuizen MDL Junior Member

    Aug 20, 2023
    72
    28
    0
    What's the Windows build version from the latest Monthly Rollup?
     
  6. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    #8808 Carlos Detweiller, Sep 11, 2025
    Last edited: Sep 11, 2025
    According to DISM:
    Code:
    Image Version: 6.1.7601.24499
    Licensing says:
    Code:
    Software licensing service version: 6.1.7601.24559
    HAL:
    Code:
    6.1.7601.27927
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Filipe Tolhuizen

    Filipe Tolhuizen MDL Junior Member

    Aug 20, 2023
    72
    28
    0
    And what does it say in the SideBySide registry key? (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-s..edsecurityupdatesai_31bf3856ad364e35_none_0e8b36cfce2fb332\6.1)
     
  8. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    sxs.png
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. DvineLord

    DvineLord MDL Novice

    Mar 14, 2011
    9
    2
    0
    #8811 DvineLord, Sep 11, 2025
    Last edited: Sep 11, 2025
    @Logos89 When trying to install the 08-2025 Rollup I received the Code 80072EE2. After 2 fails and 2 cancels I finally got it to install. I forgot the steps I took to get it to install or what caused the issue, and I'm concerned about it happening again with the 09-2025 Rollup. I never received any errors previously with Rollups since this installation in 05-2020.

    Try doing a full shutdown/powerup, not just a reboot. Allow the system to fully load (my system is old and takes almost 30 minutes or more for all TrustInsaller.exe sppsvc.exe and related tasks to finish). Rescan for updates, then select and install.
     
  10. John_3_16

    John_3_16 MDL Senior Member

    Feb 8, 2020
    253
    343
    10
  11. John_3_16

    John_3_16 MDL Senior Member

    Feb 8, 2020
    253
    343
    10
    The Full Rollups started messing with my system & updates when 32 bit updates stopped. I run a duel 32bit/64bit system & processor. I restored my computer to the last good date behind that update.
    I then manually updated using only the full security update, the IE security update & .NET update. I check for the latest SSU update first.
    Since then I have followed the same steps:

    I begin by downloading all required KBs for Windows Server 2008 R2 for x64-based Systems.
    SSU first if new (Last was Apr 2025); Security Only update; .NET Security rollup (I only need 4.8); & Cumulative IE 11 update.
    I turn WU OFF & kill any running programs.
    If NEW I install SSU first & restart system.
    Security Only update next & restart system.
    .NET Security Rollup next & restart system.
    End with IE 11 update & restart system.
    Turn WU back on to alert me when there are new updates. I DO NOT USE WU for installs.

    The rollups are for the server & not specific for the Win7 OS. All we ever needed were the security updates. This procedure has worked flawlessly for me ever since. Flawlessly.

    September 2025:
    Latest SSU is still from April 2025 KB5056456 then:

    2025-09 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5065510)
    2025-09 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB5065750)
    2025-09 Cumulative Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based systems (KB5065435)
    All that was required for my Acer laptop this month.

    All have been successfully installed manually with 2 system restarts. Restarted WU for alerts. Shows no new updates available. One more month closer to full Linux changeover. ;>)) 4 monthly updates left.
     
  12. hanzzon2

    hanzzon2 MDL Member

    Dec 1, 2007
    145
    76
    10
    @Logos89 I have seen your error on one system last month, but it is usually transient (goes away by itself if you search later).
    I think it might just be the Microsoft update servers being overwhelmed on patch Tuesday.
    If you look in WindowsUpdate.log in the Windows folder you will see Microsoft refers to it as transient, i.e. not critical.
    (In this case on the system I'm copying this error from there was no problem installing the updates via Windows Update that month).
    Code:
    2025-06-12    21:41:48:872    404    1e9c    DnldMgr    BITS job {FD56F3AF-A0C8-4A8F-9715-DFC366F5CDD1} hit a transient error, updateId = {05E26C07-9358-4E8A-ADB7-24F5142B2C6E}.200, error = 0x80072EE2
    
    Then a few lines further down:
    Code:
    2025-06-12    21:47:07:676    404    1f60    DnldMgr      Attempt no. 3 to resume the job
    2025-06-12    21:47:10:885    404    1f60    DnldMgr    BITS job {FD56F3AF-A0C8-4A8F-9715-DFC366F5CDD1} completed successfully
    And another few lines down:
    Code:
    2025-06-12    21:47:33:168    404    1fc0    AU    >>##  RESUMED  ## AU: Download update [UpdateId = {0065F780-C797-4EBF-930A-CB3E1D660666}, succeeded]
    2025-06-12    21:47:33:168    404    1fc0    AU    #########
    2025-06-12    21:47:33:168    404    1fc0    AU    ##  END  ##  AU: Download updates
    2025-06-12    21:47:33:168    404    1fc0    AU    #############
    
    Here on the other hand on another machine is where it actually failed to download and thus got listed in the Windows Update history as "failed" (but just trying again an hour later it worked fine).
    Code:
    2025-08-15    09:31:24:893    1364    374c    DnldMgr    BITS job {0FEB5519-3D4B-4EB8-9343-40DAABC8BD87} hit a transient error, updateId = {F140DD5E-48CB-42F6-AF28-5C26601613E8}.200, error = 0x80072EE2
    2025-08-15    09:31:24:893    1364    374c    DnldMgr      Attempt no. 1 to resume the job
    2025-08-15    09:51:24:895    1364    319c    DnldMgr    BITS job {0FEB5519-3D4B-4EB8-9343-40DAABC8BD87} hit a transient error, updateId = {F140DD5E-48CB-42F6-AF28-5C26601613E8}.200, error = 0x80072EE2
    2025-08-15    09:51:24:895    1364    319c    DnldMgr      Attempt no. 2 to resume the job
    2025-08-15    09:56:25:019    1364    dcc    DnldMgr    BITS job {0FEB5519-3D4B-4EB8-9343-40DAABC8BD87} hit a transient error, updateId = {F140DD5E-48CB-42F6-AF28-5C26601613E8}.200, error = 0x80072EE2
    2025-08-15    09:56:25:019    1364    dcc    DnldMgr      Attempt no. 3 to resume the job
    2025-08-15    10:01:24:823    1364    3810    DnldMgr    BITS job {0FEB5519-3D4B-4EB8-9343-40DAABC8BD87} hit a transient error, updateId = {F140DD5E-48CB-42F6-AF28-5C26601613E8}.200, error = 0x80072EE2
    2025-08-15    10:01:24:823    1364    3810    DnldMgr      Will not attempt to resume the job as it has reached the maximum number of attempts.
    2025-08-15    10:01:25:342    1364    3810    DnldMgr    Error 0x80072ee2 occurred while downloading update; notifying dependent calls.
    2025-08-15    10:01:25:388    1364    3920    AU    >>##  RESUMED  ## AU: Download update [UpdateId = {26AEE491-1103-4CDD-AF8C-0838C223E2CA}]
    2025-08-15    10:01:25:388    1364    3920    AU      # WARNING: Download failed, error = 0x80072EE2
    2025-08-15    10:01:25:389    1364    3920    AU    #########
    2025-08-15    10:01:25:389    1364    3920    AU    ##  END  ##  AU: Download updates
    2025-08-15    10:01:25:389    1364    3920    AU    #############
    
    So if you look for your error in that logfile you might get some clues, but again I would not worry about it too much as John said in his post above mine :)
    Oh, and thank you again abbodi1406 for keeping the dream alive :)
     
  13. Filipe Tolhuizen

    Filipe Tolhuizen MDL Junior Member

    Aug 20, 2023
    72
    28
    0
    Thanks for the info. I believe the 6.1.7603.25000 values were added by the bypass. After following the instructions for generating components and side-by-side registry keys to override ESU checking, I discovered that the latest monthly rollup adds the 6.1.7602.27929 into the components registry keys ([HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-s..edsecurityupdatesai_31bf3856ad364e35_6.1.7602.27929_none_c8db83c43627db21]) which are only accessible after/while attempting or installing any WU. Manually adding these numbers to the side-by-side registry keys for Default and an entry for a RegBinary with a 01 value allows installing that monthly rollup without failing. I never realised how easy it is installing these updates without any special bypassings.
     
  14. Carlos Detweiller

    Carlos Detweiller Emperor of Ice-Cream
    Staff Member

    Dec 21, 2012
    8,076
    10,298
    270
    If the value was added by the Bypass, maybe @abbodi1406 needs to up the value a bit.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Apoly

    Apoly MDL Senior Member

    Aug 21, 2016
    352
    444
    10
    Have you tried re-installing the Bypass ?
    The default value should be higher than 25000.
    Maybe Microsoft somehow intentionally removed it ??
     
  16. NewEraCracker

    NewEraCracker MDL Senior Member

    Apr 19, 2011
    335
    552
    10
    Hi,
    Does not matter.

    6.1.7603.25000 is still greater than 6.1.7602.27929 at a programming level. ;)

    My two cents. Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    18,610
    100,025
    340
    He want to install the updates without bypass
    which is easy with basic steps:
    stage the update
    change SideBySide\Winners registry for the esu component
    install the update

    this concept was used in W7ESUI versions before v4.0
    but if you have multiple installed Monthly Rollups, it will be impossible to uninstall the latest, because it will trigger ESU component validation for the previous rollup

    hence, using fake bypass ESU component with higher version saves you all those steps and troubles