'

Homeland Security alerts on end of Windows Server 2003 support

US-CERT, part of the Department of Homeland Security, is warning that the end of support for Windows Server 2003 is coming.

An alert from US-CERT (the Computer Emergency Readiness Team) warns of dangerous consequences for organizations that continue to run Windows Server 2003 R2. Microsoft has scheduled the end of support for this operating system on July 14, 2015. This applies to both the initial and R2 editions of Windows Server 2003.

Read this

Drop what you're doing and patch the Windows Schannel bugs now

One Microsoft security update from yesterday stands out from the rest for severity and unanswered questions. Apply the MS14-066 update now or at least make sure your IPS has updates for it.

Read More

Although it was released over 11 years ago, Windows Server 2003 remains popular. Redmond Magazine cites Microsoft as saying that as of July of this year there were 24 million instances of Windows Server 2003 running on 12 million physical servers globally. In North America there are 9.4 million instances and, worldwide, Windows Server 2003 still constitutes 39 percent of the Windows Server installed base.

After July 14, 2015 (a Patch Tuesday) these servers will no longer receive security updates or assisted technical support. Microsoft has been conducting their own campaign to get customers to upgrade. As with Windows XP, organizations can pay Microsoft for an extension of support.

The US-CERT alert points out that systems which do not receive regular security updates are at far greater risk of compromise, both through malicious attacks and data exfiltration. They warn that users may encounter compatibility problems with both hardware and software, as vendors no longer support Windows Server 2003. They also warn that running Windows Server 2003 past then end of support may put the organization out of compliance with private, industry and government regulatory regimes.

US-CERT is a public service run by the US Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC).

Hat tip to Insight.