Less than 2 months until Microsoft Windows Server 2008 reaches End-Of-Life

What’s going on?

On January 14^th 2020 both Windows Server 2008 and Windows Server 2008 R2 will reach the end of their ‘extended support’ periods, also known as ‘End-Of-Life’.

What does this mean?

After that date Microsoft will no longer be providing any support, fixes or patches to the software. In other words, any newly discovered vulnerabilities will not be fixed, leaving the door wide open for attackers.

Out-of-date and unsupported services are low-hanging fruit and an easy target for cybercriminals. It is almost certain that there will be new vulnerabilities discovered and exploits created after Windows Server 2008 reaches end-of-life, with attackers setting their sights on organisations still using this software.

Any organisation still running these versions of WS 2008 beyond 14^th Jan 2020 will be at a significantly higher risk of cyber attack. and service failure.

The ramifications of such an attack would vary but likely include service failure, business interruption, data loss and associated fines relating to failing to meet GDPR obligations.

Who is affected?

A lot of organisations are still using Windows Server 2008 – using KYND data we estimate that approximately 20% of organisations are still running Windows Server 2008 on at least one part of their infrastructure.

To some extent this is understandable, as organisations often choose to stick with a known and stable platform for as long as possible – If it ain’t broke, don’t fix it. The problem is that from January 20^th – if it breaks, it won’t be fixed.

Are YOU affected?

If you want to know if this impacts your organisation you can sign up to a 14 day free trial of KYND ON. We will instantly scan for your cyber risks and alert you immediately if we find anything.

What should you do if you are running Windows Server 2008?

Options:

1. Upgrade to a newer version of Windows Server
2. Pay Microsoft for Extended Security Updates
3. Migrate to Azure

(1) Upgrade to a newer version of Windows Server

If your server environment needs to remain on premises (and not in the cloud) then you can upgrade to a newer version, the options being:

• Windows Server 2012
• Windows Server 2016
• Windows Server 2019

Note that it is not possible to upgrade directly from Server 2008 to Server 2016 or 2019 – you would need to upgrade to Server 2012 first. You could decide to only upgrade to Server 2012 and stop there in order to avoid the complexity of a multiple phase upgrade, however you should note that Server 2012 has its own End-Of-Life date in 2023.

(2) Pay Microsoft for Extended Security Updates

Microsoft do offer an additional 3 year period of ‘Extended Security Updates’, however they can be expensive and are priced at a percentage of the original licence fee per year for that period.

(3) Migrate to Azure

Microsoft are incentivising organisations to move their infrastructure to their cloud services platform Azure by offering the 3 years of Extended Security Updates for free. This process could either be performed as a ‘lift and shift’ or an on-premises upgrade.

If you want to know if this impacts your organisation, sign up to a 14 day free trial of KYND ON!

P.S. It is worth noting that the personal computer operating system Windows 7 is also due to reach its End-Of-Life on January 14^th 2020. Whilst at KYND we are focused on business infrastructure rather than individuals’ machines, having employee laptops and PCs running out-of-date and unsupported operating systems does also represent a risk.