We’ve been down this road before….dozens upon dozens of physical or virtual servers reside in your infrastructure and they are out of date, needing to be patched or worse…at end of life! Whether you have physical servers or VM’s running in your infrastructure, chances are you have some machines that are running Windows Server 2008 R2. This year, more than others, is the reason to upgrade those servers to either Server 2012, Server 2016 or Server 2019.
Security Concerns With End of Life Products:
End of life is a big deal, not because it is time to upgrade to a new shiny OS, or because you can get new features out of newer systems, but because of security. All of the big manufacturers (hardware and software vendors) have gotten into the habit of pushing their customer base to their newest product. This is true for both consumer and business products. Windows Server operating system releases under the Long Term Servicing Channel are supported by Microsoft for 10 years, with five years of mainstream support and an additional five years of extended support. Microsoft is notorious for cutting support on their Server OS’s after end-of-life and once that happens, it is open season for hackers, crackers and security experts to test, penetrate and publish. In fact, a popular research article published by CDW in 2015 noted that “hackers typically spend a significant amount of time discovering and developing an exploit for bugs. As long as a product is within the support period, the bug has a “shelf life” until a patch is developed. However, once a product reaches the end of the support period, this shelf life is essentially open ended. For the hacker, this means they get a significantly longer exploitation time for the effort they put into developing the exploit of a bug.”
Interestingly enough, many in this underground industry know that managers are reluctant to upgrade their server OS as it costs time and money and people typically don’t want to exert these things. This has dangerous consequences down the road for the security of the infrastructure and the protection of corporate data. Nearly 60% organizations that suffered data breaches in the past two years cite unpatched software as the main culprit. More on this statistic can be found here.
January 14, 2020. This is the date you need to keep in mind because after this date, Microsoft will cut support for Server 2008 R2. This means that security patches and updates will no longer be released. This means that any exploits that have been strategically held back by hackers will suddenly become available. This means that your server and infrastructure could be at risk.
We don’t want to say that the sky is falling, but you can’t be too paranoid when it comes to data security. Get that system upgraded!
What You Can Do Now:
Upgrading your infrastructure is a big task and there are a lot of moving parts involved. Many office managers naturally wonder if the newer operating systems are compatible with the various software platforms and services they are currently running on their old systems. Fortunately, Microsoft gives you a 180 try before you buy option so that you can deploy a server, test the systems and see if they work. Upgrading a server OS takes time. In most cases, months of planning needs to be put in place, and that is why we are sounding the alarm now.
At SDI, we often help office managers figure out the right choice that will work with existing infrastructure so that they won’t be left alone to the hordes of hackers waiting to exploit an unpatched system. If you are in need of upgrading your server OS, please contact us today.
Stay safe out there!