Windows Server 2003 End of Life

A few months ago, Microsoft stopped supporting the Windows XP operating System and the Office 2003 suite of applications.

Is there anything else that Microsoft is going to stop supporting soon?

The answer to this question is yes, and it can affect you. Within the next year we will see the Microsoft Server 2003 product line reach end of support life as well. The stated date for this end of support life is July 14, 2015. Plans should start to be made now to address the replacement or retiring of these older servers to ensure the smooth transition to a newer supported operating system.

How does this affect me or my company?

If you have any servers running the Microsoft Server 2003 operating system, plans need to be made to replace, or retire these servers. With Windows Server 2003 we have been given a much longer period of notice than we saw with Windows XP so plans can be made in advance to address these servers and plan for succession or elimination of the operating system.

What are the Risks after this date?

Much as with Windows XP, Microsoft will stop actively supporting the operating system and will stop issuing critical updates.  This will also mean that we can no longer open a support case with Microsoft in the case of a critical failure or issue involving any server that runs Server 2003. This is a very large risk in the case of emergency and will place a barrier to resolving critical issues into the equation.

New software and hardware will not be designed to support Server 2003 either so this may introduce complications when there is a need for new or updated software, even updated versions of software or applications you currently own and use.

Why do these critical updates matter so much?

The best way to understand the Microsoft critical updates are to think of them as a way of plugging security holes. There are new security flaws and ways of exploiting Windows Server operating systems being found every day. These ‘holes’ or flaws are what viruses and other malware use to get into a server in the first place. The updates fix these flaws in a way that is passed on to all the antivirus companies who then use these code changes ( Microsoft Updates) to design their daily updates for their antivirus products. The combination of both of these layers of defense, working together, is where the integrity of the security we have comes from.

In most cases, because of the amount of shared code from version to version of Windows Server, a flaw that is found in one operating system, Server 2008 for example, will also apply to an older operating system, in this case we will use Server 2003 as the example. When Microsoft stops putting out updates for Server 2003 but continues to put them out for Server 2008, cyber criminals reverse engineer the Server 2008 updates and find detailed information on a flaw that may very likely exist on the older operating system, Server 2003 and focus on exploiting those flaws. Now we have a problem that we cannot protect against and because of the close relationship between the antivirus program and the operating system, the AV product cannot protect the computer properly either and we are left with a server that is a target for infection because of the flaws in the operating system that are now known and can be exploited.

From there we have other issues; once a single server anywhere in the network is infected it now has the ability to infect other computers and servers inside of your network, even if they are newer operating systems as the virus already has a foothold inside the network. This puts both your productivity and your data at great risk.

When we take this all in, we realize that even the presence of a Server running Server 2003 in the network, after the end of support date, is a considerable risk.

What are the next steps in addressing these servers and planning our next steps?

Please contact AbleIT and we can begin planning our next steps to ensure that these servers are removed, replaced or retired in advance of the deadline Microsoft has provided. A proactive plan, executed properly, will mitigate any risk that this change will bring into your network.