Windows Server 2003 End-of-Life

Home / Blog / Windows Server 2003 End-of-Life

Dear Customer,

You are receiving this notice because our records show that you are currently running Windows Server 2003 and/or Windows Server 2003 R2. Each product that Microsoft releases has a lifecycle that determines how long we maintain and support the product. Please be reminded that support for Windows Server 2003 family of products will be coming to its End of Support (EOS) on July 14, 2015. We understand that this EOS brings complexities, but it also brings wonderful opportunities to Transform your Datacenter. New advancements since Windows Server 2003 included in Windows Server 2012 R2 as well as Microsoft Azure allows your IT department to upgrade and take advantage of so many advancements, not only with the Operating System, but in the way they can support the business. Don’t think of this as a mere lift and shift, but a truly amazing time to reconsider the way you position your business for the future.

We want to ensure that with a little over 1 year before this products End of Support, that you have already begun your planning to migrate your applications off of Windows Server 2003. We want to also ensure that you are aware that your migration destination does not only include Windows Server 2012 R2, but also Microsoft Azure as well as Office 365 for SharePoint and Exchange. So what happens when Windows Server 2003 support comes to and end?

  • Requests for changes to product design or features will no longer be accepted nor accommodated
  • Security updates will no longer be provided, exposing your Windows Server 2003 installation to security threats
  • Payment Card Industry (PCI) policies will not be met with an operating system that is EOS
  • Hotfixes and bug fixes will no longer be provided
  • Complimentary support (phone and online) included with the licenses will no longer be provided
  • Paid support (e.g. from Microsoft Premier Support) will no longer cover Windows Server 2003 Family of Products

New vulnerabilities discovered in Windows Server 2003 after its “end of life” will not be addressed by new security updates from Microsoft. What is the risk? One risk is that attackers will have the advantage, because attackers will likely have more information about vulnerabilities in Windows Server 2003, placing the applications running on Windows Server 2003 in a precarious position. When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows Server, researchers investigate whether other versions of Windows Server have the same vulnerability. To ensure that our customers are not at a disadvantage to attackers who employ such practices, one long standing principle that the Microsoft Security Response Center (MSRC) uses when managing security update releases is to release security updates for all affected products simultaneously. This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.


But after July 14, 2015, organizations that continue to run Windows Server 2003, as well as any other Microsoft products that have hit their EOS, like Exchange 2003, Outlook 2003 and even Windows XP, won’t have this advantage over attackers any longer. The very first month that Microsoft releases security updates for supported versions of Windows Server, attackers will reverse engineer those updates, find the vulnerabilities and test Windows Server 2003 to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows Server 2003. Since a security update will never become available for Windows Server 2003 to address these vulnerabilities, Windows Server 2003 will essentially have a “zero day” vulnerability forever.

Please do not ‘dismiss’ this notice, as your planning activities are only the start of your migration, there are numerous complexities that can sideline even the best migration plans. Starting your planning and migration today, is the only way to ensure that come July 14th, 2015, that your critical applications and workloads are safely and securely running.

SRKK is holding an event on 17th Oct at 9:00 am to 12:30 am at Microsoft Auditorium KLCC to explain how migration from Windows Server 2003/R2 can shift your business to a new world, and how our migration offerings can help you transform your datacenter more efficiently and with minimal disruption. Please join us on Friday 17th Oct. To sign up please click here! and to get more information, contact me here samira@srkk.com.