Since 14 July 2015, Microsoft has ended the support for Windows Server 2003 operating system, this means that the company will no longer provide patches, security updates, and security bulletins. As already happened for Windows XP, the repercussions under security perspective are serious because any security vulnerability that will be discovered in the future will remain unpatched leaving the system open to cyber attacks.
Unlike migrating from Windows XP, migrating from Windows Server 2003 can be more challenging because this time organizations need to migrate their server infrastructure with a significant impact on internal operations.
It’s likely that a significant number of companies and organizations worldwide will still use Windows Server 2003 for numerous reasons (i.e. Compatibility issue with legacy software, budget constraint, etc.).
According to a survey published by Spiceworks, 37% of the companies surveyed hadn’t migrated to a newer OS, of those organizations 8% had no plans to migrate and 1% did not know anything about plans for migration. According to the survey, the majority of the companies (48%) were partially migrated, just 15% have completed a full migration. The disconcerting thing is that 25% planned to complete the migration at some point after July 14th.
In November, the US-CERT issued an alert for the Microsoft Ending Support for Windows Server 2003 Operating System explaining that the product will no longer receive:
“Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003. Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.” states the US-CERT.
Security experts speculate a significant increase of the number of attacks against systems based on Windows Server 2003, the Trustwave threat intelligence manager, Karl Sigler, explained that network segmentation implemented by Windows Server 2003 systems, as well as malware filtering, would help to provide a further level of protection to the OS.
“Anti-malware gateways can filter exploits before they even reach your servers. This concept is generally known as ‘virtual patching’,” said Sigler. “By blocking an exploit with a gateway device like a WAF or a secure email gateway, you’re not as dependent on the physical patches that Server 2003 will be missing.”
Organizations that cannot update their Windows Server 2003 system must adopt further countermeasures to mitigate the risks of a cyber attack, for example, to improve network monitoring that could allow the identification of threats.
Microsoft Windows Server 2003 users have no choice, they must migrate as soon as possible to avoid serious repercussions on their organizations.
(Security Affairs – Windows Server 2003, Windows)