WinServer 2003 end of support is only days away: What CISOs should do

CISOs have learned to resist the siren call of vendors when they issue new versions of software, understanding that added capabilities have to be needed to justify the expense.

However, there’s a point when venerable applications have to be cast aside. But it appears that organizations are still taking chances by running hardware with Windows Server 2003, although Microsoft will stop issuing security patches next week.

In April, integration firm Avanade — which is partly owned by Microsoft — issued a study showing that half of Canadian firms still had at least one server running the OS, and there’s no reason to believe that number is in single digits now.

That doesn’t mean they are running critical systems in production, but it’s still a risk.

So here’s a reminder: The last critical security patches will be issued July 14. Do something, because every day after that the odds increase an attacker will take advantage of vulnerabilities — as they did when support ended for Windows XP.

“There’s not going to be an immediate risk,” Karl Sigler, threat intelligence manager, Trustwave said in an interview Wednesday. But, he added, “it’s going to be a slow crawl towards insecurity. Every month that goes by where critical vulnerabilities are discovered they are going to go unpatched.”

Microsoft [Nasdaq: MSFT] will continue support for the OS — for a fee: US$600 per server in the first year.

There are at least three things CISOs should do, Sigler advises, if there are still WinServer 2003 systems in their environments:

–upgrade to Windows Server 2012 R2;

–upgrade to WinServer 2008 — remembering that support ends in five years;

–segregate WinServer 2003 machines onto their own network, and make sure traffic going to those systems is being monitored and filtered by an IPS or gateway.

Other options include shifting workloads to virtualized environments running a newer server OS or to a cloud/hosted provider, or dropping older applications in favour of a SaaS app.

In a report sponsored by Microsoft research firm IDC noted that moving to a more recent version of Windows 2003 will allow IT to take advantage of  IPv6, modern virtualization software with Hyper-V, comprehensive management with System Center 2012 R2, and improved product SKU options that help make it easier to deploy and manage Windows Server. In addition, customers can take advantage of newer Windows licensing terms, including gaining access to datacenter SKUs, which give customers per-socket licensing terms/costs in exchange for unlimited virtualization rights.

Interestingly, Sigler believes that the odds of a WinServer 2003 installation still online is more likely with larger firms than smaller ones because “server sprawl gets out of hand … a lot of systems get lost in the shuffle.”

It’s true smaller firms have tighter IT budgets and might want to keep systems going as long as possible. But Sigler believes these organizations have a better handle on their systems so are less likely to be running an older OS.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now