On the 14th of July 2015, just 9 days from now a very significant milestone will be reached by Windows Server 2003, namely the final day that it will receive security updates from Microsoft.
While this version of Windows is now 12 years old, it is still very widely used by companies for critical business operations. Exact figures for the number of servers affected vary but easily reach into the millions.
This end of life/support is significant for companies that operate in heavily regulated industries such as e-commerce, banking/finance and healthcare (among others). Non-compliance with regulations such as PCI-DSS and HIPAA will result in heavy fines. Please note that even if you opt to pay for Server 2003 to continue to be patched by Microsoft only Critical vulnerabilities (i.e. vulnerabilities that are rated critical by Microsoft) will be patched (vulnerabilities that are rated Important can be patched if you opt to pay even more for such patches from Microsoft).
For advice on migrating from Windows Server 2003, please see the dedicated Microsoft site. I would also like to recommend this webcast from (ISC)2. While it was recorded back in May of this year it does provide easy to follow advice on migrating from Server 2003 to more modern operating systems.
The advice includes (available in 3x downloadable PDF files within the “Attachments” tab):
- Assessing the risk to running an operating system after the end of support date
- How to mitigate risk after this date (using controls such as network isolation, application whitelisting and continuous monitoring)
- Provides a plan to migrate from Server 2003 (which should take about 200 days to properly implement to ensure there will be no interruption to business operations)
An alternative to migrating to a newer server operating system is to migrate to a cloud based platform.
Please note that while a BrightTalk account is required to view the above webcast, creation and use of that account is free. I don’t wish to endorse this webcast over the many others that are available on this topic, it simply provides practical advice and the content is easy to follow/understand.
I hope the above advice is useful in migrating your business operations from Windows Server 2003 while minimizing any disruption.