2 min Security

Old Windows Servers open door for intruders, quarter of organizations must upgrade soon

Old Windows Servers open door for intruders, quarter of organizations must upgrade soon

In October, Microsoft will stop providing updates for Windows Server 2012 and Windows Server 2012 R2. Although this has been public knowledge since May, thousands of organizations have yet to upgrade to a newer solution or, in extreme cases, purchase an additional three years of extended security updates.

Lansweeper surveyed 1.3 million instances of Windows Server running at more than 35,000 organizations. The results were troubling: while 6.72 percent already have outdated Windows Server installations running, 20.94 percent are still using Windows Server 2012. Since the end-of-life (EOL) date is already Oct. 10, thousands of companies need to take action at lightning speed.

Einde levensduur Windows-server.
Source: Lansweeper

Senior Technical Product Evangelist at Lansweeper Esben Dochy emphasizes that legacy products without patches will cause dangerous security holes in corporate networks. “The longer you keep a product around after its EOL date, the more security issues will pop up and go unpatched. Eventually, any unsupported product in your network becomes an open door for security breaches.”

Upgrade or ESU

There is still a stay of execution for organizations: those who have important applications running on legacy systems and cannot transfer them quickly still have three years of Extended Security Updates (ESU) to purchase. Dochy reports, however, that this is an expensive option. Servers that do not perform the most important tasks should start running on a supported version of Windows Server as soon as possible, he argues.

Lansweeper explains that Microsoft adheres to a clear “fixed lifecycle policy”. In other words, each version of Windows Server gets five years of general updates that both plug security holes and support new features. After that, there is another five years of support under Extended Support, which also closes all kinds of potential vulnerabilities. After that, ESU applies as a fallback for an additional three or four years.

Also read: Microsoft warns of Windows Server 2012/R2 end-of-life