Risks mount as Windows Server 2003 reaches end of life
Critical services and key business infrastructure could be under threat when widely used software reaches the end of its official life in coming months.
At least 12 million computers worldwide are believed to be running Window Server 2003, according to IT support specialists, Bespoke Computing – and hundreds or thousands of them could be in the Midlands region.
However the makers of the software, Microsoft, will stop supporting it from July this year, meaning there will be no more security updates.
The problem is considered so serious that the US Government’s Computer Emergency Response Team (CERT), part of the Department of Homeland Security, has issued a countrywide alert, warning companies to deal with the issue before it becomes a risk to national infrastructure and commerce.
Chris Pallett, managing director of Bespoke Computing, which has its headquarters on Telford’s Stafford Park, explained: “This might seem, at first glance, like a very dry and unexciting issue. The problem is that as soon as flaws and weaknesses in this software cease being fixed by its maker, computer criminals will have all the incentive they need to make concerted attacks on these millions and millions of servers – and once they find ways in there will be far fewer ways to stop them.”
This risk is greater than might otherwise have been the case because this version of the software has less built-in defences than more modern incarnations. It remains popular because it is from an era when software was less aggressive about licensed versions and Windows Server 2003 did not check in with Microsoft to make sure users had the licences for all of the copies they were running.
Mr Pallett added: “I think quite often companies have shied away from upgrading because everything was working fine and they feared disruption. We’re about to go past the point where sticking with the status quo is a sensible option! The risks of becoming vulnerable just aren’t worth it. No-one wants their business to be crippled, held to ransom or responsible for the loss of customer data. The good news is that it can be upgraded with minimum disruption as long as it is done expertly and with a planned approach.
“I can’t stress strongly enough though, this is not something anyone should ignore or stick their heads in the sand over. Pretty much everything relies on networks and servers now and this threat is very real because lots of these machines are connected to the internet. If you don’t know what your business is running, get an expert in to audit it and give you good options.”