HackAndPwn
Security & Vulnerability Researcher / Professional Penetration Tester

Windows 8.1 and Windows Server 2012 R2 ESU Analysis

The original Windows 7 ESU Analysis can be found here. With the ending of support for Windows 8.1 and Server 2012 R2 in 2023, additional research was conducted to see if similar techniques would work for these operating systems as well. It was determined that both Windows 8.1 and Windows Server 2012 R2 can be fully patched past the supported period.

There are two techniques for bringing these operating systems up to date with the latest patches. The first is to copy the latest manifest file into the C:\Windows\WinSxS\Manifests folder, apply the Components registry key, and apply the SideBySide registry key. Installing the latest Cumulative Update will then succeed.

The easier method, however, is to install the latest Cumulative Update, let it “fail”, apply the SideBySide registry key, and retry. Upon completion, the update will succeed. Both techniques have been validated on these Operating Systems.

Important: You must obtain an ESU license to apply ESU updates. Details on obtaining an ESU license can be found here. This research was completed for security vulnerability research purposes only following the Microsoft Legal Safe Harbor Terms. Do not try to reproduce without having the required licenses.

There is no ESU license option for Windows 8.1, so for security purposes, if Windows 8.1 must still be used, this is an unsupported way to keep it patched against the latest vulnerabilities. Although the last official patch for Windows 8.1 was January 2023, here is a version of Windows 8.1 fully patched through January 2024.

Install The Latest Servicing Stack Update (SSU) - KB5050115 (January 2025)

Install Windows8.1-KB5050115-x64.msu and reboot the computer.

Install The Latest Monthly Cumulative Update Via Failed Reboot Technique - KB5050048 (January 2025)

  1. Install KB5050048 ( Part 1 / Part 2 / Part 3 / Part 4 / Part 5 / Part 6 ) and reboot the computer. This will result in a failed update and rollback.
  2. Apply the new Windows 8.1 or Server 2012 R2 SideBySide registry key linked below.
  3. Install KB5050048 again and reboot the computer. This will result in a successful update.

Install The Latest Monthly Cumulative Update Via Manifest/Component Technique - KB5050048 (January 2025)

If using the Manifest/Components registry key technique:

  1. Copy the manifest file linked below into the C:\Windows\WinSxS\Manifests folder. This can be done by executing the following commands:

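    rem Temporarily take ownership of the folder and open it for writing.
    takeown /f C:\Windows\WinSxS\Manifests /a
    icacls C:\Windows\WinSxS\Manifests /grant Everyone:(F)
    rem Copy the manifest, run from the folder it was downloaded to.
    copy amd64_microsoft-windows-s..edsecurityupdatesai_31bf3856ad364e35_6.3.9600.22371_none_599b57d5f64fad01.manifest C:\Windows\WinSxS\Manifests
    rem Restore the original permissions and owner.
    icacls C:\Windows\WinSxS\Manifests /remove Everyone
    icacls C:\Windows\WinSxS\Manifests /setowner "NT SERVICE\TrustedInstaller"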

  2. Apply the new Windows 8.1 or Server 2012 R2 Components registry key linked below.
  3. Apply the new Windows 8.1 or Server 2012 R2 SideBySide registry key linked below.
  4. Install KB5050048 ( Part 1 / Part 2 / Part 3 / Part 4 / Part 5 / Part 6 ).
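
Step 1 briefly grants Everyone full control of the Manifests folder, so it is worth confirming afterwards that the last two icacls commands took effect. The PowerShell check below is an added example, not part of the original post; the function name is hypothetical, and it compares well-known SIDs rather than account names so that it also works on localized systems.

```powershell
# Added example (not from the original post): confirm that the Manifests folder
# is locked down again after the temporary takeown/icacls changes in step 1.
$path = 'C:\Windows\WinSxS\Manifests'

# Well-known SIDs: Everyone, and NT SERVICE\TrustedInstaller.
$everyoneSid         = 'S-1-1-0'
$trustedInstallerSid = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Hypothetical helper name, introduced for this example only.
function Test-ManifestsFolderAcl {
    param([string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path
    $owner   = $acl.GetOwner($sidType).Value

    # Explicit and inherited ACEs, with identities returned as SIDs.
    $everyoneAces = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $everyoneSid -and
                       $_.AccessControlType -eq 'Allow' })

    [pscustomobject]@{
        Path            = $Path
        OwnerSid        = $owner
        OwnerIsTI       = ($owner -eq $trustedInstallerSid)
        EveryoneAllowed = ($everyoneAces.Count -gt 0)
        EveryoneRights  = ($everyoneAces | ForEach-Object { $_.FileSystemRights }) -join '; '
    }
}

$result = Test-ManifestsFolderAcl -Path $path
$result | Format-List

# Fail loudly if the folder is still writable by Everyone or has the wrong owner.
if (-not $result.OwnerIsTI -or $result.EveryoneAllowed) {
    Write-Warning "$path is still open or mis-owned; re-run the /remove and /setowner commands."
    exit 1
}
```

Run it from an elevated PowerShell prompt; a non-zero exit code means the folder still has the temporary permissions or owner.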

Install The Latest .NET 3.5 Update - KB5044012 (October 2024)

Install Windows8.1-KB5044012-x64.msu.

Install The Latest .NET 4.8 Update - KB5049618 (January 2025)

Install Windows8.1-KB5049618-x64-ndp48.msu.

Install The Latest Root Certificate Updates

Finally, the latest Microsoft Root Certificates need to be installed into the Local Computer Trusted Root Authority Certificate Store. A batch file to automatically install all certificates and revocation lists can be found here: Import.cmd

Date        Type             Download
2018-08-02  Certificate      MicRooCerAut2011_2011_03_22.crt
2018-08-02  Certificate      Microsoft ECC Product Root Certificate Authority 2018.crt
2018-08-02  Certificate      Microsoft ECC TS Root Certificate Authority 2018.crt
2018-08-02  Certificate      Microsoft Time Stamp Root Certificate Authority 2014.crt
2020-01-22  Certificate      Microsoft ECC Root Certificate Authority 2017.crt
2020-01-22  Certificate      Microsoft EV ECC Root Certificate Authority 2017.crt
2020-01-22  Certificate      Microsoft RSA Root Certificate Authority 2017.crt
2020-01-22  Certificate      Microsoft EV RSA Root Certificate Authority 2017.crt
2024-12-01  Revocation List  Microsoft Time Stamp Root Certificate Authority 2014.crl
2024-12-30  Revocation List  Microsoft ECC Root Certificate Authority 2017.crl
2024-12-30  Revocation List  Microsoft RSA Root Certificate Authority 2017.crl
2025-01-02  Revocation List  MicRooCerAut_2010-06-23.crl
2025-01-10  Revocation List  Microsoft ECC TS Root Certificate Authority 2018.crl
2025-01-10  Revocation List  Microsoft ECC Product Root Certificate Authority 2018.crl
2025-01-20  Revocation List  Microsoft EV RSA Root Certificate Authority 2017.crl
2025-01-20  Revocation List  Microsoft EV ECC Root Certificate Authority 2017.crl

References

These files can all be found on GitHub here. See below for specific file links.

Windows 8.1 x64 Manifest File KB5050048

Windows 8.1 x64 Components Registry Key KB5050048

Windows 8.1 SideBySide Registry Key KB5050048

Windows Server 2012 R2 x64 Manifest File KB5050048

Windows Server 2012 R2 Components Registry Key KB5050048

Windows Server 2012 R2 SideBySide Registry Key KB5050048

Update 2025-01-21

  • Replaced October 2024 Servicing Stack Update (KB5044411) with January 2025 Servicing Stack Update (KB5050115).
  • Replaced December 2024 Monthly Update (KB5048735) with January 2025 Monthly Update (KB5050048).
  • Replaced November 2024 .NET Framework 4.8 Update (KB5046260) with January 2025 .NET Framework 4.8 Update (KB5049618).
  • Updated Microsoft ECC Root Certificate Authority 2017.crl.
  • Updated MicRooCerAut_2010-06-23.crl.
  • Updated Microsoft ECC Product Root Certificate Authority 2018.crl.
  • Updated Microsoft ECC TS Root Certificate Authority 2018.crl.
  • Updated Microsoft RSA Root Certificate Authority 2017.crl.
  • Updated Microsoft EV ECC Root Certificate Authority 2017.crl.
  • Updated Microsoft EV RSA Root Certificate Authority 2017.crl.
  • Replaced December 2024 Manifest, Components Registry Key, and SideBySide Registry Key (6.3.9600.22318) with December 2024 (6.3.9600.22371).

For previous updates to this post, see Windows 8.1 and Windows Server 2012 R2 ESU Analysis Changelog.

