Microsoft cancels support for Server 2003

Posted: July 14, 2015

14-07-2015 – It’s been coming for a while but the day has finally arrived. After 12 years of patches and updates, Microsoft has pulled out the rug from underneath Server 2003 support.

If you’re still using it, you’re on your own.

What’s the problem? Are you at risk?

If your server has exposure to Internet or runs critical applications then yes, definitely.

Research released this week by Telsyte and Dell found that 20% of Australian companies are still on Server 2003. That makes a huge target for hackers. In todays internet connected world, don’t think that you’re too small a target to be hacked – you’re just one in a very attractive group of 420,000 potential victims in Australia alone.

It means that any new vulnerability that is discovered (and I would bet an arm and a leg there are still more to be found) won’t be patched by Microsoft automatically. No new automatic security updates will be released.

If your data is breached in some way the fix could cost most businesses many times what an upgrade to Server 2012 would be. That’s if it doesn’t cripple the business.

Now is actually the best time to plan an upgrade

Mainstream Support for Server 2008 has already ended and the product is in Extended Support mode. That ends on 14 January, 2020.

Server 2012’s Mainstream Support period will expire in January 2018.

Server 2012 will be superseded by Server 2016 in the next 12 months.

While its easy to be cynical about product life-cycle and End of Life technology, 2003 Server has stood the test of time – a very popular and arguably very stable platform, but all good things must come to an end.

If you are still running 2003, perhaps even as just a legacy application host, then the platform must have some form of significance to the business – otherwise shut it down and leave it. The business risk is not only to the application or service it hosts, but to other connected resources and systems in the environment.

Right now is the best time to do two things: secure your Server 2003 product and make an upgrade plan. 18-24 months of runway prior to migration is the perfect amount of time to ensure that all the loose end legacy applications, user change management, licensing etc can be tied off and part of a well-managed, seamless changeover. A pilot migration can be conducted in a controlled environment to discover hazards well ahead of the actual cutover.

In the meantime, Continuous Vulnerability Scanning like the kind we provide is going to keep your environment as secure as possible and understand the vulnerabilities that are evolving over time.

Every day, the risk increases

The way ahead is clear. If you have critical applications running in a Server 2003 environment and you don’t have a plan for migration, now is the time to make one.

Change doesn’t have to painful, it just needs to be managed. You can overcome the challenge with minimal disruption if the migration is planned and executed by an expert company. It sounds unsophisticated to make the point that without a change your exposure to risk increases by the day, but that’s the simple fact of it. The time for change is upon you.

To understand more of what you’re up against, get in touch with us. We’ll give you straight, unbiased advice on the level of risk your particular server or group faces, depending on where in your network it sits and what kind of information and applications it processes.

Update – Window Server 2016 has been superseded by Server 2019. Here is a link to compare the updated features of Window Server 2016 and 2019.

James Walker