US-CERT: Microsoft Server 2003 End-of-Life a Critical Threat

The federal government has joined the effort to warn of the cybersecurity and other risks that are likely to affect businesses that don’t address the end of service of one of Microsoft’s most prevalent operating systems.

The Department of Homeland Security has identified the end of support for Microsoft Windows Server 2003—set for July 14, 2015—as a critical threat, potentially opening up a raft of organizations to cyber-attacks and data loss.

As for the scope of the problem, as many as 24 million servers are deployed globally, in both large and small businesses. An estimated 39% of all installed Microsoft Server operating systems are the 2003 edition, according to Microsoft.

Microsoft will no longer provide automatic fixes, updates, or online technical assistance past the deadline. Businesses running the operating system have the option to upgrade to a currently supported operating system, replace servers or transition their IT operations to a cloud-based service.

Computers running the Windows Server 2003 operating system will continue to work after support ends. But the US Department of Homeland Security US Computer Emergency Readiness Team (US-CERT) has alerted businesses that, “Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss. Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.”

According to the US-CERT alert, “…using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.”

Underscoring the type of ongoing support the software needs, there were 37 critical updates released for Windows 2003 in 2013.

“Operating outdated server software systems could create a serious security risk and as the deadline looms, threats to data centers will increase,” said David Mayer, practice director for Microsoft solutions at technology distributor Insight, in a statement. “Every industry and companies of all sizes are potentially exposed. We are working with businesses to rapidly understand the critical decisions that need to be made. With a little more than six months until the service ends, a majority of businesses are still reviewing solutions, which could take as many as 18 months to implement.”

When Microsoft ended support for Windows XP earlier in the year, several enterprising hackers took advantage of the lack of security updates to compromise machines in much the same scenario that US-CERT is warning of here.

“The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities,” explained Tim Rains, director of trustworthy computing at Microsoft, at the time. “If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a ‘zero day’ vulnerability forever.”
