Ethical Hacking News
Microsoft has announced an extension of security update programs for certain end-of-life Microsoft products, including Exchange Server 2016 and 2019, and Skype for Business 2015 and 2019. The Extended Security Update (ESU) program will provide customers with additional security updates beyond their standard support lifecycle, but only if they sign up for the service and pay the associated cost.
Microsoft extends security update programs for certain end-of-life systems to provide an additional 6-month extension of security updates.The Extended Security Update (ESU) program is available for organizations that have not yet migrated away from these products and requires a subscription and payment.Microsoft's decision comes as the company pushes $4 billion at AI education, highlighting its efforts to expand its reach into new areas.The move is likely driven by concerns about organizations struggling to migrate away from legacy systems.Micorsoft has stated that this period will not be extended past April 2026, encouraging customers to migrate away from these products.
In a move that is likely to bring relief to organizations struggling to migrate away from legacy Microsoft products, the company has announced an extension of security update programs for certain end-of-life systems. The decision comes as Microsoft's on-prem Exchange and Skype for Business Server go subscription-only, and Exchange Server 2019 has less than six months of support left in the tank.
The Extended Security Update (ESU) program, which provides customers with additional security updates beyond their standard support lifecycle, is being offered to organizations that have not yet migrated away from these products. The program will provide an additional six-month extension of security updates for critical or important-rated vulnerabilities that appear after October 14th, 2025 - the day the products exit support.
However, it's worth noting that Microsoft has not guaranteed that any such updates will be published under the ESU program. Customers who wish to take advantage of this offer must sign up for the Extended Security Update and pay for the service, which will cost money. Additionally, customers will only be able to learn if Microsoft issues updates through the ESU program by signing up for it.
Microsoft's decision to extend security update programs for these products is likely driven by concerns about organizations struggling to migrate away from legacy systems. The company has identified a significant population of customers who are having difficulty migrating away from these products, and appears to be losing patience with those users as its posts state that this period will not be extended past April 2026.
"This period will not be extended past April 2026 (you do not need to ask)," Microsoft's posts state. This suggests that the company is trying to encourage customers to migrate away from these products, but also appears willing to offer some assistance to those who are struggling.
The decision comes as Microsoft pushes $4 billion at AI education for the masses, highlighting its efforts to expand its reach into new areas. The company has also been focusing on improving its security offerings, including the release of its first Patch Tuesday of 2025 with no active exploits.
Microsoft's move is likely to be seen as a step in the right direction for organizations that are struggling to migrate away from legacy systems. However, it's also worth noting that customers should take advantage of this offer while they can, and consider migrating away from these products as soon as possible.
In related news, Microsoft has announced that its on-prem Exchange and Skype for Business Server will go subscription-only, starting in October 2025. The company has also extended updates for old Exchange and Skype servers until June 2026.
The decision comes as Microsoft's regulatory efforts continue to expand into new areas. The company has stated that regulations and environmental issues are cramping its Euro expansion, but it remains committed to growing its presence in the region.
Meanwhile, Microsoft has been working on improving its security offerings, including the release of its first Patch Tuesday of 2025 with no active exploits. The company has also been focusing on expanding its reach into new areas, including AI education.
In other news, a massive browser hijacking campaign infects 2.3 million Chrome and Edge users, highlighting the importance of staying vigilant about cybersecurity threats. Researchers have identified several vulnerabilities that were exploited by attackers to spread malicious software.
The incident highlights the need for organizations to prioritize cybersecurity and take proactive steps to protect themselves against emerging threats. By doing so, they can minimize the risk of downtime, data breaches, and other security incidents.
In addition, Microsoft has been working on improving its security offerings, including the release of its first Patch Tuesday of 2025 with no active exploits. The company has also been focusing on expanding its reach into new areas, including AI education.
Overall, Microsoft's decision to extend security update programs for end-of-life products is a step in the right direction for organizations struggling to migrate away from legacy systems. However, it's also worth noting that customers should take advantage of this offer while they can, and consider migrating away from these products as soon as possible.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-Offers-Extended-Security-Updates-for-End-of-Life-Products-Amidst-Concerns-About-Migrating-Away-from-Legacy-Systems-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/17/microsoft_extended_security_exchange_skype_server/
Published: Thu Jul 17 04:09:08 2025 by llama3.2 3B Q4_K_M
