Extended Security Updates Patching

Extended Security Updates (ESU) are paid, temporary subscription service that provide critical and important security patches for legacy Microsoft products, such as Windows 10, Windows 2012, Windows 2012 R2 and so on for up to three years after official support ends. These prevent security vulnerabilities but do not include new features, non-security fixes or technical support.

Patch Management supports ESU licenses aligned with specific Windows operating systems version. For more information on licenses, see Manage PM Licenses.

You must purchase and apply separate ESU licenses tailored to the required windows version. 

Qualys supports ESU licensing for Windows 2012  and later versions. 

You can view your ESU licenses for the subscribed Windows version on the Configuration > Licenses tab. If you are not subscribed for any ESU version, the value is displayed as None.

You can also view the ESU OS version for the particular patch. To view the same, go to Patches > Windows tab and for the specific patch, click View Details as shown in the following image.  

You can use the patch.esuOsVersion QQL token to identify patches applicable for ESU patching for the specified Windows version.  Additionally, the Patches listings page displays an informational message indicating the required ESU version for each relevant ESU patch as displayed in the following message.