Twelve years in technology12 years doesn't seem like a long time ago, but in technology terms it's a very long time.
The Nokia 6310 was released in 2001 and its successor the Nokia 6310i was release 12 years ago. iTunes is 12 years old, although the iPod has been around a little longer. The iPhone has been with us for eight years and the iPad for five years. So it doesn't just sound like an Apple-fest, the Blackberrys were in their hard case holsters and Android formed as a company in 2003.
Why is this relevant? It’s not really, it’s just to put into perspective where technology was 12 years, the same time that Windows 2003 was released.
Windows 2003Windows 2003 was released 24th April 2003, but as of 14th July 2015, Windows 2003 will no longer receive support from Microsoft. There is also an IDC whitepaper covering why it’s important to upgrade here
What does no support mean?When Windows 2003 no longer receives support there will be a number of impacts:
- No patches, updates and fixes - This means that whether a vulnerability or issue is security related or not, Microsoft are not obliged to patch it or fix it in any fashion.
- There will be no support from Microsoft - Fairly simple you'd think, but again any issues encountered can not be raised or escalated to Microsoft.
- Applications support challenges - As Microsoft no longer support the operating system, why would the application manufacturers. This means that new versions of the application will only be supported on the newer operating systems.
- Compliance issues - There could be issues meeting compliance in healthcare or with PCI:DSS if an unsupported operating system is in scope.
The obvious answer is the upgrade, but if bespoke applications are being run and depend on specific versions of operating system or supporting applications such as databases running on specific version, upgrading is certainly not straightforward.
If you can't upgrade, or are unable to upgrade before the 14th July 2015, there is another option. Trend Micro have solution called Deep Security, which can protect physical, virtual and cloud based servers. Trend Micro Deep Security offers a number of features including anti-malware, intrusion prevention, host firewall, integrity monitoring, log inspection, application scanning and interestingly virtual patching.
Virtual patching or vulnerability shielding, is taking Trend Micro's understanding of the vulnerabilities and create a secure bubble around the Windows 2003 server preventing those vulnerabilities from being able to be used against the server.
Trend Micro Deep Security
Before being forced into a quick migration of your existing Windows 2003 servers, it would worth considering if Trend Micro Deep Security could be the way of keeping your existing environment secure for longer.