Going, going, gone – That's all for Windows 2003 Server.
Well, this past Tuesday marked a very special Tuesday, and it appears to have passed without the sky falling (unlike last year's Windows XP patch Tuesday). If you have had your head buried in the sand you may not have been aware, but July 14, 2015 was the very last day that Microsoft would be sending out patches for your Windows 2003 servers.
With the official death of all Windows 5.x kernels, you may be interested to know that there are still several exploits available against these machines, which matters if you still find yourself needing to use them. If you must continue to use them, you might want to inventory your traffic to/from these machines to be sure they are not actively being exploited.
Early last year Microsoft patched MS14-002 for a previously unknown bug that was actively being exploited in combination with an Adobe vulnerability, CVE-2013-3346. The bug exploited several routines in their kernel, and without that patch there would be millions of machines still vulnerable. HP has estimated that there were approx. 11 million of these systems in the market, so unless you were one of the companies that migrated to a newer version of Microsoft Server you are probably vulnerable to the next attack. Unless you pay Microsoft for extended support to get access to patches if/when they create them, you could and probably will be attacked.
There is still a concern for businesses that are only using Windows 2003 Server on their inside network. It still represents a risk to your organization when an intruder is pivoting (connecting to multiple computers from one computer or device). You should also consider an insider attack, whether it is willful or not. I always suggest to my clients that they do not discount a disgruntled employee attacking their network, but bring-your-own-device (BYOD) tablets and smart phones can also be used successfully to launch an attack once inside your network.
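One way to build the traffic inventory suggested earlier and to surface the internal pivoting described above, as an added example that is not from the original post. The CSV flow layout, the addresses, the internal range and the expected-peer list are all constructed assumptions; substitute your own flow export and server list.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data: hosts, networks and flow records are assumptions.
LEGACY_HOSTS = {"10.0.5.20", "10.0.5.21"}   # hypothetical Windows 2003 servers
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SAMPLE_FLOWS = """src,dst,dport,proto
10.0.8.14,10.0.5.20,445,tcp
10.0.8.14,10.0.5.20,445,tcp
10.0.9.77,10.0.5.20,3389,tcp
10.0.5.20,203.0.113.9,443,tcp
10.0.8.14,10.0.7.3,80,tcp
10.0.5.21,10.0.5.20,135,tcp
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def inventory(flow_csv, legacy_hosts):
    """Return {legacy_host: {(direction, peer, proto, dport): flow_count}}."""
    inv = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = row["src"], row["dst"]
        tail = (row["proto"], int(row["dport"]))
        if dst in legacy_hosts:            # traffic arriving at a legacy server
            inv[dst][("in", src) + tail] += 1
        if src in legacy_hosts:            # traffic the legacy server initiates
            inv[src][("out", dst) + tail] += 1
    return inv

def review_items(inv, expected_peers):
    """Flows to review: external peers, or internal peers not on the expected list."""
    items = []
    for host, flows in sorted(inv.items()):
        for (direction, peer, proto, dport), count in sorted(flows.items()):
            if not is_internal(peer):
                items.append((host, direction, peer, dport, count, "external peer"))
            elif peer not in expected_peers:
                items.append((host, direction, peer, dport, count, "unexpected internal peer"))
    return items

if __name__ == "__main__":
    inv = inventory(SAMPLE_FLOWS, LEGACY_HOSTS)
    for item in review_items(inv, expected_peers={"10.0.8.14"}):
        print(item)
```

Traffic between two legacy servers is counted once for each side, so the same flow can appear under both hosts.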
Consider this: you travel to a hotel on business and connect to the hotel Wi-Fi network. Free Wi-Fi has become a necessity for businesses, and the infrastructure costs offer no revenue generation. The last thing a company can afford is to monitor/maintain those devices, so they become an attack surface for hackers to exploit. Your wireless device silently becomes the victim of malware that is designed to search for computers. When you come back from your trip you pass right by security and connect to your home or business network. It's like smuggling your attacker right in the back door and giving them full access to your network.
Remember the top 20 controls and monitor your networks – you never know who might be lurking in the shadows…