Story image

Old servers present cyber criminals an opportunity to compromise your business

23 Jul 2015

Microsoft’s product lifecycle provides at least ten years of support for its operating systems, ensuring that organisations can gracefully upgrade to a new version while support for the older version is still available.

As of last week, Microsoft has discontinue support for Windows Server 2003. In addition to the risks posed by the lack of security updates, continued use of an unsupported operating system may violate external regulatory or compliance requirements, and third-party software vendors may withdraw support for products on Windows Server 2003 systems.

The number of vulnerabilities identified in Windows Server 2003 significantly increased after it entered the extended support phase in the second half of 2010. According to Secunia, 22 vulnerabilities affecting Windows Server 2003 were unpatched as of March 31, 2015, and Microsoft has not announced if any of these issues will be addressed in security updates released before the July support deadline.

The operating system will likely contain unaddressed vulnerabilities now Microsoft has discontinued support, essentially acting as perpetual zero-day vulnerabilities. Some vulnerability researchers and threat actors have historically delayed announcing severe vulnerabilities until after support for a product ends, increasing the value and potential impact of exploits.

Whilst the best advice is to migrate to a modern server, for those still using Windows Server 2003 and older, the typical migration takes an average of seven months. This is a significant window for cyber criminals to penetrate the unsupported platform and compromise the rest of the business.

During this time, it is critical businesses mitigate the exposure as effectively as possible. Most customers will look at logically segmenting or isolating the vulnerable applications or servers during this time by putting a 'virtual' ring fence around the applications themselves.

However, these compensating controls are not recommended as it will not provide complete protection against the vast number of threats that will occur now support has ended. The other option is to pay Microsoft to continue to support Windows Server 2003. However, the cost of this outweighs the benefits and it is much more valuable to begin the process of migrating rather than implementing a stop-gap solution.

By Phillip Simpson, Dell SecureWorks principal consultant APJ.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.