Windows 2003 Server reaches its end-of-life on July 14, 2015. If you haven’t already moved away from this operating system, or other unsupported operating systems, the time for action is now!
Windows Server 2003 was released back in April 2003 and has been a very successful operating system for Microsoft. Almost too successful, as it continues to be used extensively nearly 12 years later.
Mainstream support for Windows 2003 Server ended back on July 13, 2010. No new features, bug fixes or service packs were released after this time, but Microsoft has continued to provide critical security updates to ensure customers’ systems were protected against new attacks.
Many organisations continue to maintain their old server operating systems to avoid the cost or inconvenience of updating, but come July 14, 2015 Microsoft will end extended support.
If you’re still running Windows Server 2003 in production you need to start preparing to migrate now, and here’s why.
Microsoft will no longer provide security updates to Windows Server 2003. As new vulnerabilities are discovered the operating system will not be patched to protect against an exploit. In fact, it’s possible that hackers are already sitting on some vulnerabilities and are just waiting until the end-of-support to roll around before unleashing an attack.
If you plan to keep running Windows Server 2003 you will be solely reliant on your security vendor to protect against these attacks, and there may be operating system vulnerabilities that even the security vendor cannot protect against.
You should also be aware that not just your old Windows 2003 Server is at risk. Once that server is infected, the chances of a successful attack on other, new servers increases. The same goes if you’re still running Windows XP and older desktop operating systems.
In 2015 most server workloads are being virtualised. Windows Server 2003 was released in the very early days of server virtualisation and wasn’t built to take advantage of the virtualisation features built into modern hardware. From Windows Server 2008 virtualisation is built right into the operating system with Hyper-V and has continued to improve through to Window Server 2012 R2.
Software vendor support
Many software vendors do not provide support for their software if it is running on an unsupported operating system. If you’re running business-critical software on a Windows 2003 Server, you should check the vendor’s support policy. If the software is not supported beyond Windows 2003 end-of-life, you need to start preparing to upgrade both the operating system and software now.
If your organisation must meet industry or government regulations, such the Payment Card Industry (PCI) Compliance, then you may have a legal obligation to upgrade your critical operating systems to a supported platform. Check your compliance requirements and take action to avoid the risk of litigation.
What if upgrading is not possible?
If you’re running software that doesn’t work on a supported operating system and there is no possibility of upgrading (eg. the vendor went out of business) then here are some recommendations:
- Transfer to another vendor as soon as possible
- Virtualise your old server and ensure that the physical hardware is supported
- If it’s not required for day-to-day operations, shut it down and turn it on only as required
- Disconnect it from the network to avoid malware attacks
- Access it from the physical or virtual console and limit who has access
- If you can’t turn it off, ensure it has up to date and supported security software
- Consider using Windows firewall or a third party firewall to limit access as much as possible
- If it must remain connected to the network, prevent it from accessing the internet and other internal systems where not required
- If it must be accessed via the internet (e.g. a web server), ensure your firewall has an intrusion protection system (IPS) that protect against known attacks.
Avoiding the risk
If upgrading is an option you need to prepare for it now.
With less than 6 months until Windows 2003 Server support ends, there will be increasing demand for upgrades as the financial year comes to an end. Even if you’re not prepared to implement just yet, you should start planning with your hardware/software vendors and resellers to ensure a smooth transition.
If you’re already running an unsupported operating system (yes, Windows NT 4.0 Server is still in use) then you’re already at risk and should upgrade immediately.
Need to get started on upgrading your operating system? Contact Professional Advantage.
[cd-form type=”contact-2columns” title=”Need an answer?” action=”http://analytics.clickdimensions.com/forms/h/aQFTAdPgQOEOW6iXUblDtg” button=”Make an enquiry” thankyou=”Thank you for your enquiry. We’ll be in touch shortly.”]