An alert from US-CERT (the Computer Emergency Readiness Team) warns of dangerous consequences for organizations that continue to run Windows Server 2003 R2. Microsoft has scheduled the end of support for this operating system on July 14, 2015. This applies to both the initial and R2 editions of Windows Server 2003.
Although it was released over 11 years ago, Windows Server 2003 remains popular. Redmond Magazine cites Microsoft as saying that as of July of this year there were 24 million instances of Windows Server 2003 running on 12 million physical servers globally. In North America there are 9.4 million instances and, worldwide, Windows Server 2003 still constitutes 39 percent of the Windows Server installed base.
After July 14, 2015 (a Patch Tuesday) these servers will no longer receive security updates or assisted technical support. Microsoft has been conducting their own campaign to get customers to upgrade. As with Windows XP, organizations can pay Microsoft for an extension of support.
The US-CERT alert points out that systems which do not receive regular security updates are at far greater risk of compromise, both through malicious attacks and data exfiltration. They warn that users may encounter compatibility problems with both hardware and software, as vendors no longer support Windows Server 2003. They also warn that running Windows Server 2003 past then end of support may put the organization out of compliance with private, industry and government regulatory regimes.
US-CERT is a public service run by the US Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC).
Hat tip to Insight.