Windows Server 2003 Reaches End of Life In July

Several readers sent word that we're now less than six months away from the end of support for Windows Server 2003. Though the operating system's usage peaked in 2009, it still runs on millions of machines, and many IT departments are just now starting to look at replacements. Although Microsoft publishes support deadlines long in advance -- and has been beating the drum to dump Server 2003 for months -- it's not unusual for customers to hang on too long. Last year, as Windows XP neared its final days of support, there were still huge numbers of systems running the aged OS. Companies lined up to pay Microsoft for extended support contracts and PC sales stabilized in part because enterprises bought new replacement machines. Problems replacing Windows Server 2003 may appear similar at first glance, but they're not: Servers are critical to a business because of the applications that run on them, which may have to be rewritten or replaced.

[In many cases, legacy applications are the sole reason for the continued use of Server 2003.] Those applications may themselves be unsupported at this point, the company that built them may be out of business or the in-house development team may have been disbanded. Any of those scenarios would make it difficult or even impossible to update the applications' code to run on a newer version of Windows Server. Complicating any move is the fact that many of those applications are 32-bit -- and have been kept on Windows Server 2003 for that reason -- and while Windows Server 2012 R2 offers a compatibility mode to run such applications, it's not foolproof.

MS FAIL

This is stupid. WS 2003 is still the default server platform that most companies deploy. WS 2008 is not even close in comparison. If you want something small that can maximize utilization especially in a virtualization environment, then there's no alternative. Vista on my server, no thx. And the new tablet-version, seriously what were you thinking?

Re:MS FAIL

Bullshit, WS 2003 hasn't been the default organisations have been deploying for a long time, only those that are incompetent and should not be in IT would still be doing that. I work for a vendor and see mostly 2008 R2 as the default, now getting a lot more 2012 R2 as well (they seem to mostly be skipping 2012 initial release).

Re:MS FAIL

[thegarbz]

Ahhh you work for a vendor. That explains why the idea of a budget, or that IT is unable to upgrade something because of upper management may seem foreign to you.

But by all means, throw the front line workers in the IT group under the bus for something beyond their control.

End of support, not "end of life".

[Futurepower(R)]

Software does not have an "end of life". It continues to do what it always did.

"End of life" is a marketing term used so Microsoft can sell more copies of Windows, apparently. My understanding is that fixing newly discovered vulnerabilities in Windows XP or Windows Server 2003 would be fairly inexpensive.

I've explored the issues concerning Windows XP: Microsoft Windows XP "end of life": Conflict of interest.

Remember Conficker?

[Dynamoo]

The problem isn't that Windows 2003 will stop working.. the problem is that it won't get patched. Now, servers are generally lower-risk than client PCs because they just tend to do a couple of things without users surfing for porn, reading email or downloading crap. And also the products *running* on those servers may well continue to get updates anyway.

But about once a year or so, there is a vulnerability in Windows that is exploitable over the network remotely without authentication, the sort of thing that Conficker used to spread on (i.e. MS08-067). Wormable vulnerabilities are the highest risk, and the time between the flaw being announced and an exploit being created can just be a matter of days.

So, eventually those Windows 2003 boxes are going to get pwned. It might be weeks or years after 2003 goes EOL, but eventually it will happen.