Windows Server 2003 support ending July 2015.
With less than 1 year before the End of Support, we want to ensure that you have already begun planning to migrate your applications off Windows Server 2003. We also want to ensure that you are aware that your migration destination does not only include Windows Server 2012 R2, but also Microsoft Azure as well as Office 365 for SharePoint and Exchange.
So what happens when Windows Server 2003 support comes to an end?
• Requests for changes to product design or features will no longer be accepted or accommodated
• Security updates will no longer be provided, exposing your Windows Server 2003 installation to security threats
• Payment Card Industry (PCI) policies will not be met with an operating system that is EOS
• Hotfixes and bug fixes will no longer be provided
• Complimentary support (phone and online) included with the licenses will no longer be provided
• Paid support (e.g. from Microsoft Premier Support) will no longer cover Windows Server 2003 Family of Products
New vulnerabilities discovered in Windows Server 2003 after its “end of life” will not be addressed by new security updates from Microsoft. What is the risk? One risk is that attackers will have the advantage, because they will likely have more information about vulnerabilities in Windows Server 2003, placing the applications running on Windows Server 2003 in a precarious position. When Microsoft releases a security update, security researchers and criminals will often reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed. They also try to identify whether the vulnerability exists in other products with the same or similar functionality.
For example, if a vulnerability is addressed in one version of Windows Server, researchers investigate whether other versions of Windows Server have the same vulnerability. To ensure that our customers are not at a disadvantage to attackers who employ such practices, one long-standing principle that the Microsoft Security Response Center (MSRC) uses when managing security update releases is to release security updates for all affected products simultaneously. This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.
But after July 14, 2015, organisations that continue to run Windows Server 2003, as well as any other Microsoft products that have hit their EOS, like Exchange 2003, Outlook 2003 and even Windows XP, won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows Server, attackers will reverse engineer those updates, find the vulnerabilities and test Windows Server 2003 to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows Server 2003. Since a security update will never become available for Windows Server 2003 to address these vulnerabilities, Windows Server 2003 will essentially have a “zero day” vulnerability forever.
Please do not ‘dismiss’ this information. Your planning activities are only the start of your migration, and there are numerous complexities that can side-line even the best migration plans. Starting your planning and migration today is the only way to ensure that, come 14th July 2015, your critical applications and workloads are safely and securely running.
For more information on how to plan your migration please contact Maria West on 01268 494101 or email firstname.lastname@example.org