Support for Microsoft’s popular Windows Server 2003 software ends today, with security experts warning that IT managers who have yet to migrate off the platform will need to put extra mitigations in place to keep systems safe from attackers.
It’s likely that a significant number of organizations globally will still be running the legacy system past today – because they can’t afford to upgrade yet, have compatibility issues with mission critical apps, or for other reasons.
However, as Microsoft will from now on no longer be issuing security updates for the product, it’s also likely that cyber-criminals and other attackers will look to find and exploit new vulnerabilities targeting Windows Server 2003.
Trustwave threat intelligence manager, Karl Sigler, argued that network segmentation of Server 2003 systems, as well as exploit and malware filtering, would help to add this extra layer of protection.
“Anti-malware gateways can filter exploits before they even reach your servers. This concept is generally known as ‘virtual patching’,” he added.
“By blocking an exploit with a gateway device like a WAF or a secure email gateway, you’re not as dependent on the physical patches that Server 2003 will be missing.”
Network monitoring is another important step, Sigler claimed.
“By not upgrading Server 2003, your organization will be taking on more risk with every vulnerability that goes unpatched,” he said. “Monitoring your network for anomalous or strange traffic can be a crucial tool for identifying and containing a breach.”
Andrew Avanessian, vice president at Avecto, argued that server administrators should also use the opportunity to further reduce IT risk by implementing privilege management and app control.
“While sysadmins are notorious for demanding privileged access to applications, the reality is, allocating admin rights to sysadmins is neither acceptable nor necessary in a secure datacenter environment; they aren’t perfect and the possibilities for accidental misconfigurations when logging on to a server are endless,” he said.
“Application whitelisting will enable sysadmins to maintain business continuity throughout rewriting and refactoring of apps. Meanwhile, limiting administrator rights will ensure sys-admins are empowered to perform only the task at hand, while still obtaining the privileges they need to respond to urgent break-fix scenarios.”