Next Windows Obsolescence Panic is 450 days

CommanderFrank

Countdowns are such fun, just look how much fun we had with 2012 and the end of life on Earth, followed closely by the Windows XP shutdown. Next up on the radar is the demise of Windows Server 2003 R2, which shouldn't raise as much dust as XP, but will prove to be a pain in the rear to migrate for the IT guys. 450 days: You have been forewarned. :D

Standard, Enterprise and DataCenter editions of the operating system, in 32- and 64-bit versions, will receive only Redmond's cold shoulder from that not-so-far-off date.
 
Honestly, for many servers, this is somewhat of a non-issue -- especially as many of the servers I deal with have updates turned off anyway and are only ever updated when a problem that affects us directly is found.

Basically, many internal corporate file servers have zero external exposure, so the risk of running unpatched is much less. Specifically, someone would have already had to breach the network or one of the machines on the network before they could ever attack the server at all, especially as our firewall tables are set to block ALL external internet traffic going to the server (inbound and outbound). In other words, if it doesn't originate on our network, then it doesn't get to the server.

Granted, this is for our file/database server. Our TS server is exposed (and updated) but even its exposure is fairly limited. First off, we only have RDP traffic allowed to and from that machine -- i.e. TS users are not allowed to browse the internet, all HTTP traffic is blocked at the firewall. Additionally, the server is specifically set up as standalone and is not a member of the domain. Its user permissions exist on it only, and other than specific port-based access to our EMR database on the file server, the TS server has zero access rights to ANY other resource on our network (there is a firewall between it and our file server with exactly one set of ports open).

And, although it shames me to admit it, the file server itself is actually still running Windows Server 2000 -- and, knowing how reluctant to spend money the owner is, I doubt it will get updated anytime soon. CALs ain't cheap.
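
Added example, not part of the thread: an isolation argument like the one in the post above only holds while the firewall rules still match it, so this sketch replays the flows the post says must be blocked or allowed against a first-match rule table and reports any that contradict it. All addresses, the rule table and the EMR database port are constructed assumptions; the post gives none of them.

```python
import ipaddress

# Constructed addressing and rule table (first match wins); all assumptions.
LAN = "10.0.0.0/24"
FILE_SRV = "10.0.0.10"
TS_SRV = "10.0.1.20"      # standalone TS server on its own segment
INTERNET = "203.0.113.5"  # documentation-range address standing in for "outside"
EMR_PORT = 1433           # hypothetical EMR database port

RULES = [
    # (action, source, destination, destination port or None for any)
    ("allow", "0.0.0.0/0", TS_SRV, 3389),      # RDP to the TS server
    ("allow", TS_SRV, FILE_SRV, EMR_PORT),     # the single TS -> database opening
    ("allow", LAN, FILE_SRV, None),            # internal clients
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),  # default deny
]

def _match(net, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def decide(rules, src, dst, port):
    """Return the action of the first rule that matches the flow."""
    for action, r_src, r_dst, r_port in rules:
        if _match(r_src, src) and _match(r_dst, dst) and r_port in (None, port):
            return action
    return "deny"

# Flows the post says must never pass, and flows it says must work.
MUST_DENY = [
    (INTERNET, FILE_SRV, 445),    # internet -> file server
    (TS_SRV, INTERNET, 80),       # TS users browsing the web
    (TS_SRV, FILE_SRV, 445),      # TS server -> file shares
    (TS_SRV, "10.0.0.30", 3389),  # TS server -> any other LAN host
]
MUST_ALLOW = [
    (INTERNET, TS_SRV, 3389),
    (TS_SRV, FILE_SRV, EMR_PORT),
    ("10.0.0.55", FILE_SRV, 445),
]

def audit(rules):
    """List every flow whose outcome contradicts the stated policy."""
    bad = [(f, "allowed") for f in MUST_DENY if decide(rules, *f) == "allow"]
    bad += [(f, "blocked") for f in MUST_ALLOW if decide(rules, *f) == "deny"]
    return bad
```

An empty result from `audit(RULES)` means the table still enforces the described isolation; rerunning it after every rule change catches drift such as the TS-to-file-server rule being widened to all ports.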
 
We are still running 2003 R2 here on a few of the servers that we operate at my school. I am going to be migrating off those machines this summer once the school year ends. I already upgraded the domain to 2012R2 over Xmas, it went off without a hitch. I am upgrading the 2003 servers to 2008R2 servers.
 
Running 2008r2 on all servers, using 2012r2 on dev machines, will probably make the jump to next server version when it drops.
 
A good percentage of breaches are internal. 18% according to one study Bruce Schneier seems to believe. And the internal attacks tend to have greater monetary damage. Since security is generally about mitigating risk and only useful if there is an ROI (cost of protection is less than cost of breach) it seems this class of threat is worth considering. This may be dated, but I don't think the numbers have changed much:

https://www.schneier.com/blog/archives/2008/06/it_attacks_insi.html
 
I mean for the average joe, and not a university campus or government agency for example.
 
See the MS Support Lifecycle Policy FAQ. Extended support drops non-security hotfix support, no-charge incident support, design changes and feature requests, and warranty claims; those things aren't average joe things. Security patches keep rolling in during extended support, and that's the only interesting bit for average joes in my opinion.
 
meh, I just went to a client today to deal with some application issues, whole office still runs XP, no issues so far related to that... unfortunately the software they run would be prohibitively expensive to upgrade to a newer version that supports 7
 
That's the real issue; it isn't the businesses running it as their OS as I see it, it's the business application software vendors who fail to update said software, basically holding businesses hostage to XP or a hugely expensive (and risky!) total systems revamp.
 
I understand now. Thanks for breaking it down.
 