This week the Department of Homeland Security issued an alert about the coming end-of-life for Windows Server 2003. Here’s the impact they cited:
- Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.
- Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.
- Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.
Of course, these concerns are nothing new. Unpatched systems quickly become exposed to a variety of hacker exploits and malware attacks. For evidence, look no further than this week’s PC World article on how European ATMs are vulnerable because they are running on unsupported Windows XP systems.
According to the article: For the first time, a country in Western Europe reported that malware attacks were used by hackers to steal €1.23 million (US$1.32 million) from ATMs. One primary cause is the continued use of unsupported Windows XP systems in ATMs, making them more vulnerable to malware. (Of course, Enterprise Reporter could assess these systems and report on OS and patch levels, as well as installed software, but I digress.)
This is consistent with other reports I've read that show retailer point-of-sale (POS) systems often run unpatched systems, including Windows XP. These unpatched systems are a VERY COMMON target for hackers, who typically seek the past of least resistance to penetrate networks.
Extend this logic out to Windows Server 2003, which often hosts sensitive data, user accounts and Active Directory, and the warning signs are clear! Compliance failures will be the least of concerns…
For more on the Homeland Security report, the Wall Street Journal published a nice summary.
To learn how Quest can help, take a look at our ZeroIMPACT Windows Server Migrations or click below for information on IT Governance Risk & Compliance.