Windows Server 2003: Is Your Data Safe?

On July 14th, support for Windows Server 2003 ends. How many servers do you still have that are on this platform? The risks posed by running an unsupported system are immense. We discover new vulnerabilities daily. These are exploitable by anyone from around the world. Perhaps it could be someone with malicious intent, or a bored teenager sitting in their parents’ basement.

Current estimates place the number of 2003 servers left in the world in the millions. Windows XP support ended April 8, 2014. Yet, according to browsing statistics from Net Application, in April 2015, 15.93% of sampled computers are on Windows XP. The highest responsibility for Information Systems workers is the security of the data in their charge. The only task of equal priority is business resumption and disaster preparedness.

If we look to recent headlines, we see evidence of what happens when you are running an unsupported platform. The Office of Personnel Management (OPM) in the United States has had a major breach of its systems recently. What the preliminary investigations show is that a breach in March 2014 provided intruders with [ostensibly outdated] documentation for the security configuration, along with user manuals for the hardware used at OPM. However, the problems go deeper than this. From Arstechnica:

“The “secure” Web gateway to OPM’s background investigation service […] is reached through a Windows Web server running JRun 4.0, Adobe’s Java application server, as well as ColdFusion, a platform that has been used for a number of breached government servers in the past few years. In 2013, someone hacked into Adobe and stole the ColdFusion source code. And Adobe dropped the JRun product line entirely in 2013—with extended “core” support ending in December of 2014.”

In this example, we clearly see that the results of using unsupported versions of software. Nevertheless, these upgrades cannot always happen easily. The bulk of the world’s ATM machines still run Windows XP. The upgrades have been happening slowly since 2007. While Windows XP is only part of the problem with ATMs, other issues can arise (e.g. not having good physical locks on the machine, not encrypting the operating system hard drives or even a lack of network level encryption within the ATM’s communications).

Security has many implications, from physical locks on a door, using data encryption, or updating your software in a timely manner. If you would like to discuss what your options are for migrating your systems to Windows 2008 R2 or later, please reach out to your dedicated sales representativew.