Microsoft ends support for Windows Server 2003

The end of support for Windows Server 2003 is a cyber-security challenge, making millions of users more attractive targets for hackers, security experts have warned.

According to Microsoft, today is the last day it will issue patches to support Windows Server 2003, the implications of which means any new vulnerabilities discovered in the operating system will not be fixed.

Microsoft is urging customers to migrate to Windows Server 2012, Microsoft Azure or Office 365. Those who wish to continue receiving Microsoft support for WS2003 will have to pay up to US$200,000 (£133,000).

Ian Trump, security lead at LogicNow – writing on SCMagazineUK.com yesterday – said that “end of life” makes users of WS2003 “the weak member of the herd”. 

According to analysts Gartner, there are currently eight million WS2003 users and the number could be even higher. Trump added: “This will fundamentally change how hackers will act, starting on July 15th – with so many potentially vulnerable servers online, it makes sense for hackers to make these the top priority.”

Unfortunately, the advice from Microsoft to upgrade your servers is too simplistic, he said, because it doesn't take into the account that many organisations use applications that rely on 16-bit DLLs which won't work on 64-bit systems.

He recommends a few steps to protect your system: virtualise the WS2003 server, remove and disable as many services and applications as possible and backup your data.

Iain Stephen, HP's vice president and general manager for servers in EMEA, told V3.co.uk that mid-size companies with anything up to 300 servers were at greatest risk. 

"For most small companies, it's a relatively simple transition. They are probably buying one or two servers every three or four years and the next server they buy will have an up-to-date operating system version," he said. "The customer that worries me is the one that has 30 or more servers, probably of mixed ages, and they may have heard something about the end of life deadline, but they may not be doing anything about it."