The grim reaper approaches for Windows Server 2003

Microsoft will end support for its 12-year-old server operating system

Data center

Data center

Microsoft's Windows Server 2003 has its Windows XP moment coming very soon, and that's bad news for IT leaders who have been dragging their feet.

The company will end extended support for the 12-year-old operating system on July 14. That will leave users without security patches and other updates for any applications still running on the OS, which went out to manufacturers just weeks after the start of the second Iraq war. Microsoft says there were almost 24 million instances of Windows Server 2003 running in July 2014, though it hasn't released more recent numbers as the end-of-support date has loomed.

According to Mike Schutz, Microsoft's general manager of cloud platform marketing, the good news is that most of the customers Microsoft has spoken with have moved "the vast percentage" of their server workloads off Windows Server 2003. But that still means that there are holdouts who will be left to protect their own servers as Microsoft cuts off security improvements.

Sanofi, a pharmaceutical company that has its U.S. operations based in New Jersey, is one such company. Mike Stager, the company's senior director of server, storage & recovery, said in an interview that the company is now working to secure the segment of its server fleet that's still running Windows Server 2003. That's the first step in Sanofi's transition away from the old software, which will take the next "couple of years" to complete. Stager said the company started on this path "very late," which is why they are so far behind in quitting the OS.

"We are a very large company with over 12,000 x86 servers, and I'm going to say that to my knowledge, we're no different than any other large company where application lifecycling does not seem to be at the forefront," he said. "It's really more deploying new applications, and what has been lost in the mix has been our ability to stay on top of the operating system versions." That has led to the company having a large percentage of its systems running on the expiring OS.

The silver lining to the transition is that users probably won't feel nearly as much of an impact from the Windows Server migration as they did when Microsoft ended support for Windows XP. Consumers are not affected by the end of support for the server operating system, said Al Gillen, IDC's program vice president of system software.

From an IT perspective, Stager said that the server changes at Sanofi will, at least in the short term, be less disruptive to the company's end users than having to swap out their desktop workstations while ensuring that multiple applications continue to run on a new OS simultaneously.

Microsoft is trying to make that transition as easy as possible by providing resources on its website to help IT administrators evaluate their options for migration. In addition, he said Microsoft has a number of partner companies with migration expertise that companies could work with.

For right now, Stager said that companies without a transition plan need to figure out how they're going to secure their environments, and then focus on moving applications. Only then can they move away from the old server operating system. In addition, IT departments need to get the company's application developers on board with the shift right away.

"Get to the applications team as quickly as possible," he said. "Make sure that they're aware of what has to happen and why. I find that applications teams don't always have the full picture because in a large company, communications aren't always as efficient as they could be."

One option for organizations that are stuck with Windows Server 2003 and have a Premier Support plan is to pay Microsoft for an extended support contract that will provide them with security fixes for a limited period of time. It's a costly fix, though: those extended service contracts are "not for the faint of wallet," Gillen said in a report on the transition.

That's borne out by the experience of the U.S. Navy, which is paying Microsoft $9.1 million for a contract that provides extended support for Windows Server 2003, Windows XP, Office 2003 and Exchange 2003.

An added benefit of getting away from Windows Server 2003 is that IT administrators can potentially kill two birds with one stone and also move away from SQL Server 2005, which will lose extended support on April 12, 2016, Schutz said. Many of the current instances of SQL Server 2005 are running on Windows Server 2003, so it makes sense for companies to migrate them all in one fell swoop.

As for Sanofi, Stager said the company is also taking this opportunity to develop methods that will ensure it won't fall into the same situation again.

Join the CSO newsletter!

Error: Please check your email address.

Tags patchesMicrosoftsecurityWindowsbest practicessoftwareIT managementoperating systems

More about Microsoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Blair Hanley Frank

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place