Windows Server 2003 End of Life – the risks of ignoring this important deadline

By Guido Marchetti, cloud solutions specialist, MJ Flood Technology

Yet another IT deadline looms when manufacturers and resellers strong-arm us into upgrading our software. Or at least that’s how some see it. But there’s a very good reason for not ignoring this latest end of support notification from Microsoft.

This time it’s Windows Server 2003, which after 12 loyal and productive years, reaches End of Life on July 14th, 2015. Given the speed of technological change and increasing demands for computing power, it’s quite surprising that this server OS has lasted this long. It’s an industry stalwart that has served business well over the years from workgroup-type server capacity for larger companies to Small Business Server 2003, specifically designed to keep smaller organisations up and running.

With so many instances of Windows Server 2003 out there, many companies will be asking themselves what kind of support they can expect to receive after this date. And the answer, quite frankly is none.

Windows Server 2003 - end of life.  Request support from MJ Flood TechnologyOnce any Microsoft product hits end of life or perhaps more accurately, end of support, no further security patches, updates or bug fixes are issued and customers will be unable to get either complimentary or paid technical support related to this server operating system. In short, new vulnerabilities discovered in Windows Server 2003 will not be addressed by Microsoft and that has serious security implications for any organisation running this OS.

Retailers, running Windows Server 2003 should sit up and take particular note as Payment Card Industry (PCI) policies will not be met with an operating system that is end of support. And that means that Visa and Mastercard may no longer do business with you.

So what are the risks in ignoring this Windows server 2003 end of life notification and limping along for another six months or more?

Before answering that question, it’s useful to understand how hackers and other criminals exploit software vulnerabilities. When Microsoft, for example, issues a security update, hackers will reverse engineer that update to pinpoint the exact vulnerability in the software code that’s causing the problem. They then develop their own code to exploit that vulnerability and investigate whether other versions of Microsoft software have the same issue.

But Microsoft’s Security Response Centre operates to best practice and issues security updates for all Microsoft products simultaneously, like a security blanket across the whole product portfolio. This ensures that customers enjoy holistic protection across the Microsoft software stack.

But after July, 14th customers will no longer enjoy this blanket of protection. As soon as Microsoft issues the next security update for Windows Server 2012, hackers and cybercriminals will immediately test for that very same vulnerability in Windows Server 2003 and as security updates are no longer being released, server systems based on this OS could be wide open to attack and exploitation.

And this scenario also applies to other Microsoft products that have gone end of life in recent times; Windows XP, Exchange 2003 and Outlook 2003. All of these products will have a “zero day” vulnerability forever.

So what are the next steps and what do I need to keep my precious business assets protected?

It’s simple. You can move to the latest Windows Server 2012 R2 and take this opportunity to create a new vision for your IT services, by transforming your datacentre and moving assets to the cloud. By moving to a hybrid cloud environment with Microsoft Azure for example, you can enjoy a more agile IT infrastructure, with predictable IT costs and dynamic delivery application.

If you’d like a free consultation on migrating away from Windows Server 2003 and moving to the cloud, just click on the button below.