When was the last time you cared about, or even thought about, the version of the operating system one of your servers was running? How mundane a thought is this? Well, if you're the IT guy or the one ultimately responsible for your company's IT, it's something that you better be thinking about. At least to the degree that you make sure NONE of your servers are running Windows Server 2003!
This is because Windows Server 2003 is literally at the end of its life. With a due date of July 14, 2015, Microsoft has officially declared it dead. Does this mean it's automatically going to stop working? No. It'll still function. But it DOES mean that it's going to be a ticking time bomb - literally ticking down until you're hacked. And then the fun begins. It would almost be better if it would stop working - then everyone running it would be forced to make a change. But because there's no apparent pain, people are being lulled into a false sense of security.
Recently, the US Department of Homeland Security issued a warning about the security threat Server 2003 poses. A CERT notification posted here warns of the dangers of cyber attacks your business will be exposed to. Microsoft recently released a patch addressing a dangerous bug for every server operating system BUT 2003.
The US-CERT alert points out that systems which do not receive regular security updates are at a far greater risk of compromise, both through malicious attacks and data exfiltration. They warn that users may encounter compatibility problems with both hardware and software, as vendors no longer support Windows Server 2003. They also warn that running Windows Server 2003 past the end of support may put the organization out of compliance with private, industry and government regulatory bodies.
Although it was released over 11 years ago, Windows Server 2003 remains popular. Redmond Magazine cites Microsoft as saying that as of July 2014 there were 24 million instances of Windows Server 2003 running on 12 million physical servers globally. In North America there are 9.4 million instances and, worldwide, Windows Server 2003 still constitutes 39 percent of the Windows Server installed base.
Needless to say, this is a HUGE number of organizations about to assume a significant amount of risk that could easily be remedied by simply upgrading. Easier said than done though. Most of these servers are in place because of some legacy application. So care needs to be taken to ensure a seamless transition for the organization.
That said, time is running out. And there's no better time to deal with this than now.
What's the status of your servers? Do you know? Are you safe from this risk? Give us a call if you need help figuring this out.