After July 14, 2015, Microsoft will no longer issue fixes or updates of any kind for Windows Server 2003, as the company has been warning customers for a while now. Microsoft is continuing to advise customers still running that OS to move to Windows Server 2012 R2 (its most recently released version of Windows Server) and/or Azure.
Just a quick reminder as to what "end of support" means in these cases. Customers can continue to use their unsupported products, but they will no longer get any kind of updates, including security updates, for free from Microsoft. Only those customers who pay for custom contracts and who agree to adhere to a phase-out schedule for the unsupported software are eligible to continue to get updates designated as "critical" and "important."
"Custom Support costs can vary, depending on specific customer needs, such as the number of server instances requiring continued support. We recommend customers work with their Microsoft Account Representative to determine applicable pricing for their environment."
At this point, there are no guarantees that Microsoft will do what the company seemingly did with XP, in terms of cutting custom contract pricing.
Pica Communications Principal Consultant Paul DeGroot said that customers may benefit from playing a bit of "brinksmanship."
DeGroot analyzed how many critical Windows Server 2003 patches Microsoft issued over the past five years, and found that the top seven issues were all related to "rendering of some ASP.NET pages." He also found that a number of the recent critical patches were relevant only for specific configurations, such as for Itanium Servers only.
"Custom Support Agreements are retroactive. If you wait for a year and there's finally a critical update that really counts, you'll pay retroactive to the end of support. In other words, if you don't pay Microsoft now, it won't cost you more to purchase it later, and you'll still get critical updates," DeGroot noted.
Playing custom-patch roulette seems like risky business. In addition to the obvious security concerns due to running unpatched software, customers also are chancing compliance violations. But given many customers still won't be ready to pull the plugs on their Windows Server 2003 boxes on July 8, 2015, when support ends, some may decide to take the risk.