I have no doubt that it is possible, having done so myself; but I like your answer because it is not dismissive. The updates in question are those earmarked for Server 2008 SP2 (not R2, which is Windows 6.1 like Win7). They contain an extractable text document that explicitly lists Vista under applicability info. Since Microsoft did not block installation on Vista, I did not have to find “unofficial ways” to install them.
Another technical matter that might be relevant to using ESET 12 on Vista: Those SHA-2 updates change the build number from 6.0.6002 [SP2] to 6003. Of course that was also true of the BlueKeep patch that Microsoft urged Vista users to install back in 2019, at which time ESET 12 (and therefore Vista) was still supported. The build number change is known to have caused BSODs if Avast/AVG 18.8 was installed, however Avast issued a micro-update in June 2019 that resolved the issue. Have there been any reports of problems running ESET 12 on Windows build 6.0.6003 (aside from warnings related to the SHA-2 requirement)?
