Windows Server 2003 End of Life

This is a reminder that Microsoft has scheduled Windows Server 2003 to be end of life as of July 14, 2015.  This means that the last security patches for the operating system will be available on that date, after which it will officially unsupported by Microsoft. Check this link for more information: https://www.microsoft.com/en-ca/server-cloud/products/windows-server-2003/

It is highly recommended that the any servers still operating with Windows Server 2003 be upgraded to a supported operating system (Windows 2008 Server or later) or that the services that this server provides be migrated to a server that is running with a supported operating system.  If you need to replace a server running Windows Server 2003 you might want to consider the following:

  • If the only function of this server is to act as a file server, Western cloud storage offered by WTS may be a viable solution.
  • ITS also offers dedicated virtual servers where you can have the same management control you would with a physical server.

More information including costs concerning both of these options can be found within the WTS services document.

The Information Security team recognizes that there will be some servers remaining in service after Microsoft’s end-of-life date for Windows Server 2003.  There are some steps that can be taken to mitigate the risk that is inherent in running an unsupported operating system.  Steps such as the following should be considered.

  1. Isolate the server on a protected network segment
  2. If not already done, assign the server an ip address that is not publicly accessible via the Internet
  3. Review local firewall rules to ensure access is available only to those that require it
  4. Ensure that the applications running on the server have all available security patches applied (eg: Java, adobe products, etc)
  5. Have up-to-date antivirus and anti-malware scanning tools installed
  6. Actively monitor the state of the server to be able to detect unauthorized access
If you have any questions regarding this, please contact the Information Security team via email at security@uwo.ca.

Published on  and maintained in Cascade CMS.