IT professionals face two fundamental challenges every day: 1) Keeping their enterprise’s network running, and 2) Keeping it secure.
That is why it’s so important for enterprises still relying on Windows Server 2003 to migrate from the aging server OS, which Microsoft will cease supporting after July 14, 2015. Once Redmond no longer offers support, organizations relying on Server 2003 will face a number of risks that will only increase in severity over time.
Ade Foxall, CEO of London-based application performance management vendor Camwood, describes Server 2003 end of life as “the biggest security threat of 2015.”
Still, a January survey showed that 8% of respondents had no plans to migrate from Server 2003, even though the vast majority of these dead-enders (85%) cited concerns about security.
This is somewhat ironic because the first and most obvious danger associated with an abandoned server platform is that the manufacturer no longer will issue fixes and patches for vulnerabilities that could be exploited by viruses, spyware and other malicious code.
While it may be tempting to believe an outdated server OS with a shrinking installed base might be overlooked by hackers and other digital miscreants seeking bigger game, the opposite is true: Zero-day exploits, which target unknown security flaws in software for which there are no patches, are very common. And you’d better believe those looking to take advantage of vulnerable networks are well aware that several million Windows 2003 servers will be running after July 14.
Further, even running just one instance of Server 2003 can endanger other parts of the network. According to CIO.com, “A compromised Windows Server 2003 operating system could open the door for the bad guys to pry into other systems in your data center for the purpose of launching attacks against them.”
And any potential short-term compliance issues incurred by migrating from Server 2003 would be more than offset by the risk of running afoul of financial regulations and other certification requirements by choosing to stay on an outdated, unsupported platform.
This is a serious problem for enterprises in industries such as healthcare and finance because they must comply with government standards regarding the security and privacy of customer and patient records. An inability to safeguard sensitive data because a server platform is vulnerable could lead to fines, penalties, and lawsuits.
And private industries are subject to similar oversight. The millions of e-commerce sites that process credit card data must meet strict requirements regarding the protection of private customer information as well, if they want to stay in business. They must adhere to the regulations set by the Payment Card Industry Data Security Standard (commonly called PCI DSS) in order to retain the ability to accept credit card payments – not to mention keep the trust of their customers. One data breach can cost a company millions, and running on an outdated platform like Server 2003 is like letting cybercriminals know you’re leaving the back door unlocked.
Change can be scary and sometimes dangerous. But running your business on a 12-year-old server OS that no longer will be supported isn’t just dangerous, it’s truly reckless. And reckless behavior can lead to disastrous results.