If you havn’t updated your 2003 version of Windows, then the time has definitely arrived. “For anyone who still runs Windows 2003, I hope it is where no one can access it, and they are working on a project to replace those servers,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys.”
Some companies have persisted in delaying migration to updated versions of the windows operating system. This makes a possible security breach all the more likely.
“Windows Server 2003 may be working well enough to keep around, but the plain truth is that it hasn’t kept up with security. There have been many advances in security features over the past decade, and modern server operating systems, such as Windows Server 2012, have many features that aren’t present in Server 2003, Sigler said. One example is Dynamic Access Control, which allows system administrators to set new auditing and authorization controls to manage and track who can access the data stored on the system. Windows Server 2003 also doesn’t have enhanced virtualization services, website isolation and sandboxing, and Group Managed Service Accounts, all useful for locking down systems. And don’t forget, Microsoft won’t release any more security patches, so if someone develops an exploit targeting a heretofore unknown vulnerability in Windows Server 2003, it will never get fixed. That means organizations will always be at risk for that attack. There are exceptions, of course. One vulnerability discovered after XP’s end-of-life was sufficiently serious enough that Microsoft bent its rule to release a patch for those XP holdouts. It would be foolhardy to rely on that kind of leniency from Microsoft again if a serious bug is later discovered in Windows Server 2003, though.”
Microsoft suggests immediate upgrade to the latest server because of aforementioned security and database issues – “Organizations still running Windows Server 2003 should take immediate action to either replace their systems or isolate them and beef up security on those machines. The upgrade won’t be a quick process, as Microsoft estimates an average organization would take about 200 days to fully migrate Windows Server 2003. Figure out the number of Windows Server 2003 instances remaining and the type of hardware on which they are running. Determine what applications and virtual instances are running on each of these servers and what dependencies they have. Take the full view of the IT environment and plan out a migration plan. This may mean simply upgrading the software, or it may require a full hardware and software refresh. This may also be the opportunity to move to a cloud server, or look into a hybrid IT platform.”