Top Five Security Risks with Windows Server 2003 EOL

And What to Do about Them


Remember when Windows Server 2003 debuted? A highlight that had us all excited was the set of IT security advances built in by design. We’re talking about a re-engineered Internet Information Services with strong administrator control over both how Web applications run and how users authenticate to websites, folders and documents; a standards-based TCP/IP infrastructure, including support for IPv6; and software restriction policies to thwart inadvertently introduced malicious code and unauthorized program installs.

As extended support for Windows Server 2003 nears its end, though, the risks to enterprises still relying on it—and to their applications, data, infrastructure and more—increase. Even companies on board to move to Windows Server 2012 in the face of Windows Server 2003’s July 2015 end-of-life deadline will face some security-related challenges.

What are some of the biggest concerns? Take a look:

  1. No more security updates: Next summer (July 2015) will see the end of the security updates and paid per-incident support that were available for the operating system. No more bug fixes. No further vulnerabilities addressed. Just because it’s an old OS doesn’t mean it’s a forgotten one: as of November this year, for example, Windows Server 2003 editions and service packs were still turning up among the affected software listed in Microsoft security bulletins about critical vulnerabilities, like this one.
  2. Your OS is not an island: A compromised Windows Server 2003 system could open the door for attackers to pry into other systems in your data center and launch attacks against them. Also, if support for your third-party business applications is tied to the support status of the underlying operating system, that support—including anything it may cover in the way of security—may also lapse if you continue to run those apps on Windows Server 2003.
  3. Falling out of compliance: Companies in many industries—financial, healthcare, e-commerce, and so on—handle a lot of sensitive customer data, much of it subject to industry-body or government regulations around privacy and security. When the Windows Server 2003 extended support cycle ends, companies still using it may find that their virtualized and physical instances of the OS are out of compliance with regulated-industry or regulated-data mandates, affecting all associated apps and data. These businesses may fail their audits. So, even if the operating system or the data itself isn’t compromised, a business’s compliance status very well could be, potentially resulting in fines, damaged relationships with key partners who are anxious about their own compliance standing, or even the shuttering of the enterprise.
  4. Misusing valuable funds: A company that expends energy, resources and dollars on mitigation technologies to keep securing the aged OS by making its vulnerabilities harder to exploit could lose its focus on the overall enterprise and data security picture—not to mention sacrifice some of the budget that should be supporting that end. That could jeopardize a multitude of other critical software, systems and sensitive information.
  5. Legacy applications can cause security issues: All this said, there are risks associated with migrating from the older to the newer OS as well. Unsupported legacy applications could leave an organization exposed to security risks, or data could be lost during the transition.

Effectively dealing with these risks comes down to carefully planning your changeover to Windows Server 2012. A well-plotted and well-executed move to the next-generation server OS keeps your business current with security updates, third-party application support and compliance requirements, and at the same time saves your company from spending money and time on stopgap measures. IT service and solutions providers can be a big help here, including in ensuring that your move takes place without data loss. They, or your business application vendors, can hopefully also address any concerns about running old apps on a new OS, or suggest alternative options.

One thing is clear—the sooner you get moving on this, the better. July 2015 isn’t as far away as it seems.

With the end of support date for Windows Server 2003 fast approaching, there's never been a better time to plan your data center transformation. Our experts have designed this helpful tool to get you started on the right upgrade path for your unique environment, applications, and workloads.
