Story image

Windows Server 2003 end of life: what it means for security

14 Jul 15

Organisations need to be aware of the risks of running out-of-support platforms in the wake of Microsoft no longer issuing security updates for any versions of Windows Server 2003.

That’s according to Sasha Pavlovic, director of cloud and data centre security for Asia Pacific at Trend Micro.

Pavlovic says it’s important for organisations to understand the risks of running out-of-support platforms against the costs and effort of migrating to a new one.

He says organisations should loo at what they can do to mitigate security risks until their migration is finalised.

“The safest plan for your business is to migrate from Windows Server 2003, however there are options to help businesses in Australia and New Zealand buy more time and extend their upgrade plans beyond the 14 July deadline,” says Pavlovic.

“Virtual Patching is a security capability that virtually patches system and application vulnerabilities, protecting them from exploit,” he continues.

“In cases where legacy operating systems and applications are still being used, other than performing a full system upgrade, it’s the only alternative solution to ensuring your Windows 2003 workloads are kept safe and secure as you plan for your upgrade.”

Pavlovic says the end of support means two things. Newly discovered vulnerabilities in Windows Server 2003 will not be patched anymore, nor will they be documented and acknowledged by Microsoft.

He says this represents an increase in the risk of using Windows Server 2003. “However, many organisations still count on Windows Server 2003 for critical business operations. If you are still running Windows Server 2003 in your data centre, you need to take steps to protect your infrastructure,” says Pavlovic.

Pavlovic says the most important thing for a business to do is to make plans on migrating from Windows Server 2003, as recommended by Microsoft.

“If you haven’t been able to migrate yet, however, you can help protect your Windows Server 2003 system with a combination of virtual patching and system security until migration,” he explains.

“No single solution will address all security scenarios, but there is a combination of solutions and best practices you can follow to assist in keeping the data centre secure.”

Pavlovic says intrusion detection and prevention (IDS/IPS) technologies can shield vulnerabilities in out-of-support Windows Server 2003 systems before they can be exploited.

“Security tools with virtual patching capabilities offer automated virtual shielding of vulnerabilities that will help you extend the life of legacy systems,” he says.

To protect against changes in a system that is no longer being patched by Microsoft, Pavlovic says it is important to consider built-in system security capabilities, including integrity monitoring, enabling the detection of changes where there should no longer be any.

“This will allow you to keep Windows Server 2003 systems protected until they can be migrated, reducing risk and keeping your IT operational expenses low.”

Pavlovic says this combined approach to security will eliminate risk exposure from new vulnerabilities, including protection against zero-day attacks, and detect unplanned or malicious changes on the system, enabling rapid response to a potential attack.

Additionally, it will mitigate potential data security compliance issues for critical regulations like PCI DSS 3.0, and provide a smooth migration path to secure systems beyond Windows 2003, including Windows 2012, Microsoft Azure, and other leading cloud providers like Amazon Web Services (AWS), Pavlovic says.

Data centre cybersecurity actions that most people overlook
Schneider’s Steven Carlini discusses ways to improve data centre cybersecurity that most people don’t think of until it’s too late.
Alibaba Cloud showcases commitment to Hong Kong
The company’s service capability in Hong Kong has doubled since it established its first data centre in the city in 2014.
5 tips to reduce data centre transceiver costs
Keysight Technologies' Nicole Faubert shares her advice on how organisations can significantly reduce test time and cost of next-generation transceivers.
The new world of edge data centre management
Schneider Electric’s Kim Povlsen debates whether the data centre as we know it today will soon cease to exist.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Inspur uses L11 rack level integration to deploy 10,000 nodes in 8 hours
Inspur recently delivered a shipment of rack scale servers of more than 10,000 nodes to the Baidu Beijing Shunyi data center within 8 hours.
How HCI helps enterprises stay on top of data regulations
Increasing data protection requirements will supposedly drive the demand for Hyper-Converged Infrastructure solutions across the globe.