The End of Support (EOS) for Windows Server 2003 is only a few days away. It is very important for CISOs and cybersecurity decision makers in general to plan for the day after support for this product ends. Microsoft will stop issuing security patches next week, and the risk of running a critical system in production will start to increase rapidly.
As a reminder, the last day a security patch will be issued is 14 July 2015. As happened with Windows XP after its end of support, attacks against the operating system increased in an attempt to exploit it.
For those who are not in a position to transition to a new server by the end-of-support date, Microsoft will continue to support the OS during the first year for a fee of US$600 per year.
There are alternatives which might help in this case and, as you probably know, no single solution fits all scenarios.
- One option is to upgrade to Windows Server 2008, but keep in mind that its support will end in five years.
- Another option is to upgrade to Windows Server 2012 R2, which allows IT to take advantage of IPv6, virtualization with Hyper-V and other added features.
If you cannot migrate to a newer server at the moment, it is highly advisable to review the existing server's hardening settings and segregate it onto its own network. Of course, make sure that the traffic to and from the server is filtered and monitored using a firewall and an IPS.
For some companies, this might provide an opportunity for a shift to the cloud. Depending on the available budget of each company, a transition to a cloud-based server might be an ideal solution to cut maintenance costs, gain performance and become hardware independent.