Windows Server 2003: Dangerous to use but still surprisingly popular

One in 10 web-facing computers is still running Microsoft Windows Server 2003, according to a report – despite the OS no longer being patched by Microsoft.

Hundreds of thousands of computers are still using the Windows Server 2003 operating system – despite it no longer being patched against hacks.

Internet services found more than 600,000 web-facing computers, together hosting millions of websites, still running the OS that Microsoft ceased supporting in July this year.

The end of support means the OS no longer receives patches against viruses, spyware and other malware that might seek to exploit the system. The US Computer Emergency Readiness Team warns that those running Windows Server 2003 risk “loss of confidentiality, integrity, and/or availability of data, system resources and business assets”.

Despite these risks, 175 million websites – what it terms “one-fifth of the internet” – are hosted on machines running Windows Server 2003. The OS also appears to be in use on computers sitting behind web servers for a further 1.7 million sites.

Together accounting for 55 percent, the US and China are home to the bulk of the machines running Windows Server 2003, with 166,000 in the US and 169,000 in China.

The unsupported nature of Windows Server 2003 makes it a tempting target for attackers – which is why it is important for firms to switch away from the OS as soon as possible.

“As time goes by, there will be some vulnerabilities that affect Windows Server 2003 and if those allow things like remote code execution and so on, we’re likely to see a massive number of web-facing computers and a much larger number of websites getting hacked. These could then go on to distribute malware and even be made into botnets to enable other attacks.

“Of course, because Windows Server 2003 is now unsupported, those people who try to find vulnerabilities might even now be particularly focusing on this platform because they know it won’t be fixed.”

Windows Server 2012 R2 is the most recent version of Microsoft’s server-targeted operating system – with a variety of options for licensing. In part, the cost of moving to a more recent Microsoft OS for the proportion of machines still running Windows Server 2003.

“[That proportion] is over 10 percent of all web-facing computers, and shows the true potential cost of migration,” the report states.

Moving a server to a Linux-based OS can be difficult for organisations that have traditionally used Windows Server, Mutton said, particularly if they rely heavily on scripts written for ASP.NET, Microsoft’s server-side web application framework.

The report lists several major firms and banks still running Windows Server 2003 machines, including UK bank NatWest, part of the larger publicly-owned Royal Bank of Scotland (RBS).

However, while Microsoft is no longer supporting the OS for most users, it will offer fixes for the OS to organisations willing to pay for a custom-support deal.

Such a deal was recently struck by the US Navy, which agreed to pay at least $9m to Microsoft to provide ongoing support for Windows XP, Office 2003, Exchange 2003 and Server 2003. A spokesman for RBS said NatWest is also covered by a custom support deal with Microsoft that began in March this year.

Firms without such a custom support deal in place that use Windows Server 2003 to serve sites that handle financial information could be in breach of data security standards, which carries out security testing and assessments for companies.

The requirement under Payment Card Industry Data Security Standard (PCI DSS) 6.2 that “all system components and software to be protected from known vulnerabilities by installing vendor-supplied

“Many merchants still using Windows Server 2003 are likely to be noncompliant and could face fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts.”

Microsoft advises several options for machines still running Windows Server 2003 – including switching to Windows Server 2012 R2 or its cloud platform Microsoft Azure. It provides an interactive Windows Server 2003 Migration Planning Assistant.

Have questions?

Get help from IT Experts/Microsoft's Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

Windows Server 2003 end of life guide

How to organize your migration from Windows Server 2003

Following on from end of support for Windows XP in April 2014, we are now rapidly approaching Windows Server 2003 end of life.

Despite Microsoft warning about end of life for Windows Server 2003 as early as April 2013, many organisations are yet to begin their migration away from the server platform. Worse still, many organisations and IT pros are unaware of the huge financial costs and security risks should they continue running Windows Server 2003 past the end of life date.

Reports from HP claim that more than 11 million systems are still running Windows Server 2003. With fewer than 240 days left until end of life, this is a huge problem, as the estimated time required to migrate a datacentre of 100 or more servers can range from a minimum of three months to upwards of 18 months.

If you own even one of those 11 million servers and you have yet to begin migration, you should be worried. Luckily for you, the following guide will migrate you to a position of safety. We will cover the following:

• Windows Server 2003 End of Life date
• Understanding what end of support means for Windows Server 2003 and the associated impacts
• An outline of how to migrate Windows Server 2003
• Resources to aid migration

Windows Server 2003 End of Life date

According to the Microsoft Support Lifecycle section, on 14 July 2015 Microsoft will end extended support for all versions of Windows Server 2003/R2.

Understanding what end of support means for Windows Server 2003

From then on, this means no more updates or patches from Microsoft, which can result in a less secure and less stable infrastructure for your business. What this really means:

• Maintenance Costs – running legacy servers is expensive. Intrusion detection systems, advanced firewalls and network segmentation are required to protect a now vulnerable Windows Server 2003 platform. You will also have increasing cost from maintaining aging hardware. Current estimates in a TechNet post from Alex Fu place the cost of custom support post end of life at US$200,000 on average. In a Q&A with David Mayer, practice director of Microsoft Solutions for Insight Enterprises, he estimated a support cost of $1500 per server per year.

• No Updates – there will be no more updates to fix bugs, performance issues and security vulnerabilities. To put this into perspective, 2013 saw the release of 37 critical updates for Windows Server 2003/R2. Past the end of life date, these critical issues will remain unfixed leaving you open to cybersecurity dangers such as malicious attacks or electronic data loss.

• No Compliance – once support ends, your organisation will almost certainly fail to meet industry wide compliance standards. Regulations such as HIPAA, PCI, SOX & Dodd-Frank all require regulated industries to run on supported platforms. The impact is twofold: Non-compliance could result in the loss of business, while high transaction fees and penalties from non-compliance could dramatically increase the cost of doing business.

• Software and Hardware Compatibility Issues – new software and hardware devices will not be built to integrate with Windows Server 2003. Sticking with a legacy server means you will likely run into compatibility issues and may not be able to run new instances of software or communicate with the latest devices.

• No Safe Haven – without continued support from Microsoft, virtualized and physical instances of Windows Server 2003/R2 and Microsoft Small Business Server (SBS) 2003 will not pass a compliance audit.

How to migrate from Windows Server 2003

Do not underestimate the task that lies ahead. Migrating applications and server workloads is no easy task. Worryingly, a study by App Zero suggests that 62 per cent of organisations do not have a plan to upgrade or migrate, or even know that EOS is coming.

• Discover – first up is discovering and cataloguing all the software and workloads that are running on Windows Server 2003/R2 at present. Download the Microsoft Assessment and Planning toolkit as this will be a worthy support document.

• Assess – now you have a list it’s time to analyse and categorise all your applications and workloads based on type, criticality, complexity and risk. This helps you prioritise for migration as well as identify issues and opportunities.

• Target – in this step, you must choose a destination for each application and workload. This could be the perfect time to evolve your organisation to the next level and embrace the cloud. Microsoft offers a series of destinations for each application or workload which could include:

o Windows Server 2012 R2
o System Center 2012 R2 (Private Cloud)
o Microsoft Azure (Public Cloud)
o SQL Server 2014
o Office 365

• Migrate – now is the time to choose a migration plan. Microsoft offers a fantastic Migration Planning Assistant which covers all four steps. Look for official Microsoft training courses to give you an in-depth understanding of the new platforms you are planning to migrate to.
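
An added example, not part of the original guide or of any Microsoft tool: one way to carry out the Discover and Assess steps on an inventory export, picking out Windows Server 2003-family hosts and ordering them for migration. The CSV columns, host names and scoring weights are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample inventory (hypothetical hosts and column names), standing
# in for an export from whatever discovery tool produced the catalogue.
SAMPLE_INVENTORY = """hostname,os,workload,criticality,complexity,web_facing,card_data
web01,Windows Server 2003 R2 Standard,IIS storefront,high,medium,yes,yes
file02,Windows Server 2003 Enterprise,file shares,medium,low,no,no
sbs03,Windows Small Business Server 2003,mail and AD,high,high,no,no
app04,Windows Server 2012 R2 Standard,intranet app,high,medium,no,no
db05,Windows Server 2003 Standard,SQL Server 2005,high,high,no,yes
"""

# Matches Server 2003, Server 2003 R2 and SBS 2003, with or without "(R)".
EOL_OS = re.compile(
    r"windows(?:\(r\))?\s+(?:small\s+business\s+)?server\s+2003", re.I)
LEVEL = {"low": 1, "medium": 2, "high": 3}


def is_unsupported(os_name):
    """True if the OS string names a Windows Server 2003-family release."""
    return bool(EOL_OS.search(os_name))


def risk_score(row):
    """Assumed weighting: exposure and card data outweigh criticality."""
    score = LEVEL[row["criticality"].lower()]
    if row["web_facing"].lower() == "yes":
        score += 4  # reachable from the internet with no further patches
    if row["card_data"].lower() == "yes":
        score += 3  # in PCI DSS scope on an unsupported platform
    return score


def migration_queue(inventory_csv):
    """Unsupported hosts, highest risk first; simpler moves break ties."""
    rows = [r for r in csv.DictReader(io.StringIO(inventory_csv))
            if is_unsupported(r["os"])]
    rows.sort(key=lambda r: (-risk_score(r),
                             LEVEL[r["complexity"].lower()], r["hostname"]))
    return [(r["hostname"], risk_score(r), r["complexity"]) for r in rows]


if __name__ == "__main__":
    for host, score, complexity in migration_queue(SAMPLE_INVENTORY):
        print(f"{host:8} risk={score:2} complexity={complexity}")
```
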

Resources to aid migration

Due to the widespread requirement to migrate, there is a range of fantastic resources to aid migration. These include:

Microsoft Virtual Academy – arguably the largest and best collection of free self-study resources from Microsoft experts including videos, slide decks and self-assessments. Check out the section on migrating to Windows Server 2012, or the Microsoft Azure JumpStart.

Windows Server 2003 Roles Migration Process – download this document and turn it into an A3 poster, stick it on your wall and use it to visualise the whole process.

Microsoft Deployment Toolkit – download this fantastic resource, which provides a collection of processes, tools and guidance for automating new desktop and server deployments.

Free Software Trials – Microsoft have a series of trials so you can check out the new software. Here they are:

Windows Server 2012 R2 trial
System Center 2012 R2 trial
Microsoft Azure one-month trial
Office 365 trial
SQL Server 2014 trial

Windows Server Migration Services – there are a series of organisations that offer assistance in migrating away from Windows Server 2003. Big players include:

• Dell
• RackSpace
• HP

Time is running out — start your migration away from Windows Server 2003 today. Fail to do so and you will find yourself facing some organisation-crippling consequences.
