UPDATED 03:41 EST / JULY 14 2015

It’s D-Day for Windows Server 2003 as Microsoft ends support

As of today, Microsoft is finally pulling the plug on support for Windows Server 2003, which means those businesses still running it must choose between upgrading their systems now or exposing themselves to the risks of running an unsupported OS.

It’s a similar scenario to the end of support for Windows XP last year. It’s believed that millions of businesses are still running Windows Server 2003, with Microsoft having sold more than 27 million licenses between 2003 and 2013. According to research from Hewlett-Packard Co., it’s believed there could be as many as 11 million instances of Windows Server 2003 still up and running.

Mike Schutz, Microsoft’s general manager of cloud platform marketing, told Computer World that “the vast percentage” of customers have already moved their server workloads off of Windows Server 2003, but that still leaves lots of room for holdouts who’ll be faced with protecting their own servers now that Microsoft’s security updates have ended.

What are the risks?

The security implications are clear enough. In 2013, Microsoft issued 37 “critical” updates to Windows Server 2003, and another 21 in the following year. These figures suggest the platform is still extremely vulnerable to bugs that have not yet been exposed, and which won’t be patched once they’re noticed. It’s believed that cyber criminals could be ready and waiting with numerous zero-day vulnerabilities, which they’ll try and use to steal corporate and customer data once D-Day hits.

That could cause problems with compliance for any company which handles sensitive data such as customers’ credit card details, experts warn. Regulators often use port scanning software to hunt for servers running out-of-date software, and should one be flagged for PCI DSS (Payment Card Industry Data Security Standard) compliance, organizations could be subject to heavy fines or even barred from processing credit card payments or handling sensitive data.

“The cost of being ‘left behind’ because third party application vendors won’t provide patches and upgrades that work on WS 2003 will be difficult to quantify… but I imagine should an application fail and shut down a business process, the cost will be very real and easily quantifiable,” Ed Shipley, CTO of Camwood UK, told The Register.

There’s good reason why regulators are so watchful. Unpatched systems quickly become vulnerable to all manner of exploits and malware attacks, as illustrated in this PC World article about how numerous European ATMs are now vulnerable because they’re still running on old Windows XP systems, citing one case in which attackers used malware to steal $1.32 million from vulnerable cash machines.

Functionality could also prove problematic in the near future. While Windows Server 2003 will no longer be supported, some applications running on it might be, and future updates could well cause problems if bugs are present in the platform.

As such, Microsoft has used this as part of its “carrot and stick” approach to get companies to upgrade. As well as warning of the security and compliance risks, Microsoft has repeatedly pointed out how businesses are missing out on the opportunities afforded by running their workloads on a more advanced platform.

Why hold out?

All of this begs the question, why haven’t some businesses upgraded already? Recent research from Avanade Inc. shows that 18 percent of organizations are “okay” with the potential risks mentioned above, while other stumbling blocks include the complexity of legacy applications, the cost of migrating, and the lack of internal skills to do so.

Angela Cross, UK & Ireland country manager for HP Servers, told The Register that “apathy” is another reason, saying that many organisations simply don’t appreciate how serious the problems could be.

“Perhaps because they haven’t had a major breach or don’t have the money to do the upgrade they have decided to take the risk,” she said. “In 2014 there were in excess of 30 security related breaches, and there is a genuine potential that something could go wrong. This is not hype, [up-to-date] patches and firmware are needed.”

Mike Stager, senior director of server, storage & recovery at pharmaceutical firm Sanofi S.A., pointed to the sheer complexity of migrating as the reason why his company was only beginning to do so now.

“We are a very large company with over 12,000 x86 servers, and I’m going to say that to my knowledge, we’re no different than any other large company where application lifecycling does not seem to be at the forefront,” he told Computer World. “It’s really more deploying new applications, and what has been lost in the mix has been our ability to stay on top of the operating system versions.”

What are the options?

For many customers, the easiest option is to upgrade to a newer version of Windows Server. Microsoft says the best bet for most of its customers will be to move to Windows Server 2012 R2, though Windows Server 2016 will also be an option when it’s released next year. Companies could alternatively shift some or all of their operations to Windows Azure in the cloud, or other cloud providers.

One final option that exists is to simply pay Microsoft to keep on providing support. Just as it did with Windows XP, Microsoft is willing to cut a deal with those who don’t have any alternative, but be warned that it won’t come cheap. According to an unconfirmed estimate from Pica Communications’s Paul DeGroot, the company will ask around $600 per server, per year for custom support.

Image credit: WikiImages via pixabay.com
