
Response to Windows Server 2003 End of Support

Release Date: 31 Aug 2015

 


 

Microsoft ended its support for Windows Server 2003 on the 14th of July and will not issue further patches even if new vulnerabilities come to light [1]. However, Windows Server 2003 may still be very commonly used in enterprise settings. If enterprises do not discontinue their use of Windows Server 2003, the lack of protection against future threats will make it easy for malicious activity to compromise their systems.

 

Windows Server 2003 may still be used

Microsoft ended its support for Windows Server 2003 over a month ago. According to HP, an alarming number of systems, approximately 11 million, were still running Windows Server 2003 in May 2014 [2]. To show how pervasive the use of unsupported systems is, this Security Blog analyzes the major reasons system administrators have not migrated from Windows Server 2003 to newer, supported systems, and the imminent threat caused by the continued use of Windows Server 2003.

 

Why have users not upgraded or switched to other operating systems?

The common reasons users have not upgraded or switched to other operating systems are listed below:

  • “We will wait until a newer operating system is released before we switch or upgrade to other operating systems.”
  • “The system still works as usual and thus there is no need to switch or upgrade to other operating systems.”
  • “We believe that antivirus software is sufficient to combat the security risks.”
  • “We believe legacy software can only be executed on Windows Server 2003.” [7]
  • “We do not have the funds or expertise required to upgrade or migrate to other operating systems.”

Nonetheless, none of the reasons above removes the security risk to enterprises. One way to help employees understand the importance of upgrading operating systems is to provide information security training, such as participation in relevant conferences.

 

Can Windows Server 2003 still operate after End of Support?

Windows Server 2003 can still operate after the end of support on 14th July, 2015. However, Microsoft will not provide any support services (except for tailor-made services), including the publication of patches for security vulnerabilities. Enterprises should therefore understand that Windows Server 2003 will become increasingly vulnerable as time passes, due to the continuous emergence of viruses and the discovery of vulnerabilities in the system.

 

Note: The Microsoft Security Bulletin published in August 2015 did not include Windows Server 2003.

 

The security risks of using Windows Server 2003

If users still require Windows Server 2003 in the immediate future, they should understand the risks that this entails and take the necessary precautions to minimize them. In the past, hackers have often studied the patches released for currently supported operating systems to find vulnerabilities, as similar patches have not been released for older systems. Furthermore, ransomware may be correlated with the use of unsupported operating systems [3].

 

Do not use unofficial security patches

Since support for Windows Server 2003 has ended, using Microsoft’s tailor-made support services could be extremely expensive [6]. Some users opt for third-party patches in an attempt to minimize the risk while extending the use of the operating system. However, as these patches are not released by Microsoft, there is no contractual guarantee that they actually work. Furthermore, hackers can use such patches as Trojan horses to gain access to the system for malicious purposes, which can have devastating consequences.

 

Migrate to newer operating systems as soon as possible

Although Windows Server 2003 has been widely used, it is one of the older operating systems. With advances in technology, many issues regarding its performance and security have been discovered [4]. Thus, HKCERT strongly encourages local enterprises still using Windows Server 2003 to migrate or upgrade to other operating systems as soon as possible to ensure that their servers continue to run as smoothly and as securely as possible.

 

References:

[1] Microsoft Support Lifecycle

https://support.microsoft.com/en-us/lifecycle/search/default.aspx?alpha=Windows%20Server%202003

[2] The Channel

http://www.channelregister.co.uk/2014/05/02/windows_server_2003_hp/

[3] Beware of Crypto Ransomware

/my_url/en/blog/15050402

[4] Windows Server 2003 Rapidly Approaches End-Of-Life, Watch Out For Performance Bottlenecks

http://blogs.technet.com/b/mspfe/archive/2013/04/29/windows-server-2003-rapidly-approaches-end-of-life-watch-out-for-performance-bottlenecks.aspx

[5] Migration is worth it! Windows Server 2003 extended support ended on July 14, 2015

http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003

[6] Windows Server 2003 custom support could cost MILLIONS

http://www.theregister.co.uk/2014/12/19/got_a_few_million_tucked_under_the_mattress_for_microsoft/

[7] Windows Server 2003 is still running in 61 percent of businesses

http://www.theinquirer.net/inquirer/news/2400343/windows-server-2003-is-still-running-in-61-percent-of-businesses

[8] Windows Server 2003 End of Life

http://community.spiceworks.com/windows/server-2003-end-of-life