top of page

Microsoft warns Windows Server 20H2 will reach EOS next month

Microsoft have released an announcement reminding customers that Windows Server version 20H2 will reach its end of service (EOS) very soon.

The upcoming August 2022 security update, to be released on August 9, will be the last update available for this version.

This will also see the retirement of Windows Server Semi-Annual Channel (SAC). Following this, there will be no future SAC releases of Windows Server. Windows Server is moving to the Long-Term Servicing Channel (LTSC) as the primary release channel.

After August 9, all devices running Windows Server version 20H2 will no longer receive monthly security and quality updates containing protection from the latest security threats, leaving users more vulnerable to security risks and vulnerabilities.

Threat actors and sophisticated adversaries often search for both vulnerabilities and zero-days that can be exploited for a range of malicious activities, including initial access, persistence, and lateral movement across the network.

Patches are often released by vendors to provide a fix and essentially block the attack from taking place. Due to the removal of security updates, operating EOS devices and servers will leave the door open for threat actors, resulting in higher chances of successful exploitation.

Beyond the potential risk of exploitation by threat actors, running an EOS server can also provide further issues including software compatibility issues, decreased performance, and lower operating efficiency.

Microsoft have advised customers to move to Azure Stack HCI for the same release cadence or make the switch to Windows Server 2019/2022 in the LTSC servicing channel.

An official guided walk-through can be used to switch to a supported Windows Server version and a further support document has also been provided to fix or troubleshoot errors encountered during the update process



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page