As detailed in the news online, Microsoft is ending the support lifecycle of Windows Vista today. It will no longer receive security updates going forward.
With the installation share of Windows Vista being only approximately 1% of all installed operating systems, the number of users/systems affected is small. However, they should still seriously consider migrating to a newer operating system and possibly newer hardware to support their new choice of operating system.
Since this is a consumer-oriented operating system, the recommendations previously provided for Windows Server 2003 do not apply here. Check whether your current applications are compatible with newer operating systems and migrate at your earliest convenience to minimise future risk, since the support lifecycle has ended.
On the 14th of July 2015, just 9 days from now, a very significant milestone will be reached by Windows Server 2003: the final day on which it will receive security updates from Microsoft.
While this version of Windows is now 12 years old, it is still very widely used by companies for critical business operations. Exact figures for the number of servers affected vary but easily reach into the millions.
This end of life/support is significant for companies that operate in heavily regulated industries such as e-commerce, banking/finance and healthcare (among others). Non-compliance with regulations such as PCI-DSS and HIPAA will result in heavy fines. Please note that even if you opt to pay for Server 2003 to continue to be patched by Microsoft, only Critical vulnerabilities (i.e. vulnerabilities that are rated Critical by Microsoft) will be patched. Vulnerabilities that are rated Important can be patched if you opt to pay even more for such patches from Microsoft.
For advice on migrating from Windows Server 2003, please see the dedicated Microsoft site. I would also like to recommend this webcast from (ISC)2. While it was recorded back in May of this year, it does provide easy-to-follow advice on migrating from Server 2003 to more modern operating systems.
The advice includes the following (available as 3 downloadable PDF files within the “Attachments” tab):
- Assessing the risk of running an operating system after the end of support date
- How to mitigate risk after this date (using controls such as network isolation, application whitelisting and continuous monitoring)
- A plan to migrate from Server 2003 (which should take about 200 days to properly implement to ensure there will be no interruption to business operations)
An alternative to migrating to a newer server operating system is to migrate to a cloud-based platform.
Please note that while a BrightTalk account is required to view the above webcast, creation and use of that account is free. I don’t wish to endorse this webcast over the many others that are available on this topic; it simply provides practical advice and the content is easy to follow/understand.
I hope the above advice is useful in migrating your business operations from Windows Server 2003 while minimizing any disruption.