Windows Server 2003 Service Pack 2 End Of Life
Hilda Bagnoli
On January 9th, 2024, Microsoft will end the extended security updates for Windows Server 2008 and Windows Server 2008 R2. This final year of ESU was only available in Azure. If you still have any devices running the 2008 or 2008 R2 version, please make sure to update to the most current version of Windows Server.
Lansweeper data gathered from 1.3 million instances of Windows Server across more than 35,000 organizations shows that an overwhelming majority of users is in fact running a supported version. Only 6.72% of Windows Server installations are unsupported. However, the data also shows that 20.94% of installations are of Server 2012. With the upcoming end-of-life of Server 2012 in October, these will all need to be upgraded soon.
While not receiving any new functionalities is a minor inconvenience, the lack of security updates for legacy products can punch dangerous holes in your network security. The longer you keep a product around after its EOL date, the more security issues will pop up and go unpatched. Eventually, any unsupported product in your network becomes an open door for security breaches.
Windows Server 2008 and Windows Server 2008 R2 originally went end of life on the 14th of January, 2020. Microsoft offered an additional 4 years of Extended Security Updates (ESU). The third (and for non-Azure users last) of these security updates went end of life on the 10th of January, 2023. The final 4th year of ESU (in Azure only) will be going end of life on the 9th of January 2024. From then on Windows Server 2008 and Windows Server 2008 R2 will be fully out of support.
In order to keep your environment up to date and secure, Microsoft recommends that you upgrade any machines still running Windows Server 2008 or 2008 R2 to the latest version. You can find detailed instructions in their Windows Server Upgrades overview.
Our team has put together a Windows Server Audit report that will give you a full overview of when the Windows Server versions in your IT environment will be going end of life. It shows you when the EOL date is and how many days are remaining so you can plan your migrations in advance.
Windows Server 2012 and Windows Server 2012 R2 will be going end of life on the 10th of October, 2023. In order to keep receiving regular updates and keep your environment secure, make sure to upgrade any machines still running Windows Server 2012 or Windows Server 2012 R2 to the latest version. You can find detailed instructions in the Windows Server Upgrades overview.
If needed, it is possible to purchase an additional 3 years of extended security updates for Windows Server 2012 and Windows Server 2012 R2. Please note that the ESU program is considered a last resort for customers who really need to run certain legacy Microsoft products past the end of support. It only includes critical and important security updates. There will be no new features added nor customer-requested non-security updates or design changes.
August 9, 2022, marks the end of support of the last of the modern lifecycle policy Windows Server version. These versions offered a much shorter support period since they are more closely aligned with the Windows 10 versioning.
Microsoft is ending support for the last Semi-annual release of Windows Server. These server versions were an attempt to mirror the Windows 10 versioning, with a new release twice per year. These versions received support for 18 months following their release. With the end of life of Version 20H2, there are no more supported versions of these releases.
Hi all. I wonder why there are windows versions not in os_eol.inc like windows 7 sp1, windows server 2008, 2012, 2016. Is this intentional or just a mistake? Because I know windows 7 sp1 and 2008 are EOL.
On October 2023, Microsoft Windows Server 2012 and 2012 R2 reached their end of life. Microsoft is ending free updates, bug fixes, and technical support to an operating system still used in hundreds of thousands of enterprise servers.
Microsoft allows customers to purchase Extended Security Updates (ESUs) until 2026. However, their core recommendation for Windows 2012 users is to migrate to the cloud with Azure or upgrade their on-prem servers to Windows Server 2022.
As we've covered in a previous blog post about legacy risks, business-critical servers are often either too operationally critical or create so many dependencies that upgrading or migrating them is effectively impossible.
The Windows 2012 end of support is no surprise. Microsoft follows a well-established product lifecycle and notifies of OS sunsetting years in advance. If an organization has not upgraded its Windows 2012 servers by now, it's likely not going to do so in the near future, either. So, what can they do instead?
There are hundreds of thousands of Windows legacy servers currently supporting critical functions - all of which have exploitable vulnerabilities. If you work in a manufacturing business, healthcare organization, financial institution, or any company that uses OT, your organization likely relies on servers powered by one or more of these legacy systems.
The risks legacy systems create are well known (we've written about how to protect Windows 7, 8, 8.1, and Windows Server 2008 R2). Still, it's worth noting that Windows 2012 adds over two and a half thousand known vulnerabilities (of which over 100 have been exploited) to the legacy risk register.
Experience from past operating sunsets shows that exploit developers comb legacy codebases for exploitable bugs long after developers stop doing the same thing. Threat actors continue to scan and find exploitable legacy vulnerabilities in their target environments.
Gamarue is a malware family that downloads files to enable information theft from infected systems. Gamarue family worm variants can contaminate USB drives or portable hard drives that were connected to an infected system.
One of the most common Windows legacy server attacks that Morphisec stops on legacy servers involves Cobalt Strike. This modular backdoor tool was developed for pen testing but is now exploited by threat actors using cracked versions. Cobalt Strike often leads to domain propagation and exploitation as part of an attack chain that results in ransomware deployment and IP theft.
Critically, Cobalt Strike targets an endpoint's runtime memory. This makes it a particularly dangerous threat for servers running Windows Legacy OSs such as Server 2012, which are at an increased risk of exposure to fileless malware and threats exploiting runtime memory.
Since legacy servers often host business critical processes, and due to their increased exposure, they must be protected by state-of-the-art endpoint protection solutions. Unfortunately, the Endpoint Detection and Response (EDR) technology you might use to protect other parts of your network is not fit for this task.
On a more fundamental level, legacy systems are not an environment that EDRs are optimized for. Although you can install EDR agents on legacy servers, EDRs to be effective rely on software architecture that did not exist when the legacy servers OS themselves were launched. This severely impacts effectiveness of NGAV/EDR solutions.
Older legacy systems (i.e., anything running Windows 7 and 2008 R2) will only have a limited version of the Event Tracing for Windows (ETW). This means that an installed EDR won't be able to get as much real-time information as it would on a modern system. The result is less visibility and a lower detection rate for advanced thetas.
Any server running an OS older than Windows Server 2016 will also not have Microsoft's Anti-Malware Scanning Interface (AMSI). All modern EDRs use this technology to spot obfuscated and packed scripts, evasive macros, and most "living off the land" techniques.
Morphisec's Automated Moving Target Defense (AMTD) technology uses an ultra-lightweight agent to block unauthorized processes on legacy Windows servers deterministically rather than probabilistically.
AMTD, which is championed by Gartner as "the future of cyber," bypasses the architectural challenges and limitations that legacy OS environments create for other security technologies to provide proactive protection against threats.
Protecting over 7,000 organizations and deployed at over nine million endpoints, including tens of thousands of legacy environments, Morphisec's AMTD technology prevents unauthorized code from executing, regardless of whether a recognizable signature or behavior pattern exists.
View the recovery tab - there are all sorts of options - I'd set First & Second Failure to Restart the Service, Third to run a batch program that BLAT's out an email with the third failure notification.
I am using ServiceKeeper on my windows 2008 server at HostForLife.eu and it works very good. Previously, I had a review on ServiceHawk, but I prefer to use ServiceKeeper for its easier management and interface.
Someone asked a similar question over at Super User: You could install a tool that monitors windows services. Something like Service Hawk would help you keep the services started, or allow you to schedule automatic restarts (possibly during the night) to keep the service running smoothly.
AWS helps customers with migration of their legacy Windows Server applications to the latest, supported versions of Windows Server on AWS, without any code changes. Many organizations struggle with migrating their legacy applications due to tight dependencies on older, unsupported operating systems (OS), limited in-house expertise, and/or missing access to installation media or source code. Moreover, getting extended support for these applications does not resolve the inevitable end of support problem, it just delays the inevitable. To mitigate these challenges, AWS offers the End-of-Support Migration Program (EMP) for Windows Server.
EMP for Windows Server includes tooling to migrate your legacy applications from Windows Server 2003, 2008, and 2012 to newer, supported versions on AWS, without any refactoring. The EMP tool decouples the applications from the underlying OS, enabling the migration of your critical applications to newer, supported versions of Windows Server on AWS. Customers can use the EMP tool freely as a self-service option or with the help of AWS Partners or AWS Professional Services. A user guide is also available for customers who want to use the tool themselves.
c80f0f1006