Windows Server 2003 end-of-life is approaching – are you ready?

Microsoft support for Windows Server 2003 ends on 14th July 2015.

Author: Eija Paajanen
Date: 13.05.2015
Read Time: 3 Minutes

We all know out-of-date software is a huge security risk – up to 80% of TOP10 vulnerabilities could actually have been avoided with timely patching.

Servers, on the other hand, continue to be targets of attacks, as the potential gain for attackers is so much bigger than with endpoints. According to Microsoft, there were 37 critical updates released in 2013 for Windows Server 2003/R2 under Extended Support. You can even find some videos on YouTube on how to hack these servers through known vulnerabilities.

Microsoft has announced end of support for Windows Server 2003. This means Microsoft will no longer provide security updates, hot fixes or online support for the product. To prevent possible disruption and security risks, Microsoft strongly recommends that if you are running Windows Server 2003, you build a plan to migrate today.

Spiceworks, the professional IT network, reports that 61% of the companies on its network still have at least one instance of Windows Server 2003 running within their company environment. At the last check, in November, there were between 2.6 million and 11 million global installations of Windows Server 2003 still in the wild.

This gives a huge number of possible attack points to online crooks. According to an article in Redmond magazine, the retirement of support for Windows Server 2003 will be one of the most important of the predictable security issues of 2015.

According to a study by Gartner, it is not just the operating system that should concern clients. Third-party software built on the unsupported platform would make up an environment that is itself unsupported.

Third parties that sell and support software, including business applications, may tie the support of their code to the status of the underlying operating system. Therefore, running the third-party software on Windows Server 2003 will constitute an unsupported environment.

Compliance is another reason to update. Using software that is non-compliant with key regulatory and industry standards can increase your costs in penalties and transaction fees, as well as in support and maintenance. So in the end, rather than saving costs, you will end up spending more money while jeopardizing your company's security. Managing risk becomes extremely important if a company still runs Windows Server 2003 after the official end-of-support date.

The costs of security breaches could then be anything, up to a point where your business continuity is in danger. Clients could have applications disrupted, data could be stolen or tampered with, and the compromised system may be used to eavesdrop and actively attack other systems.

F-Secure’s corporate server products, F-Secure Server Security and F-Secure E-mail and Server Security, will support Windows 2003 Server until 24th of July 2016, and F-Secure Policy Manager Server 11-series and F-Secure Policy Manager Console 11-series will support Windows 2003 Server until 15th of June 2016. We would, however, advise you to update your servers as soon as possible. The upcoming Policy Manager 12-series and Email and Server Security and Server Security 12-series won’t support it anymore.

