Dark Reading
Products and Releases

Windows Server 2003 End-of-Life Survey Finds Nearly One in Three Companies Will Miss Deadline, Leaving Nearly 3 Million Servers Vulnerable to Breach

Poll of 500 U.S. and U.K. enterprises finds more than half do not know deadline date

WALTHAM, Mass.—March 25, 2015—Bit9® + Carbon Black®, the leader in endpoint threat prevention, detection and response, today announced the results of its “Windows Server 2003 (WS2K3) End-of-Life Survey,” which found that many companies have yet to migrate away from the server platform and remain woefully unprepared for the end of support from Microsoft.

An estimated 2.7 million servers—potentially containing hundreds of millions of files—will be unprotected after July 14, 2015, the end-of-life deadline, according to the survey Bit9 + Carbon Black conducted in February 2015. Key findings from the survey of IT leaders at 500 medium and large enterprises in the U.S. and U.K. with at least 500 employees include:

- Nearly one in three enterprises (30 percent) plan to continue to run WS2K3 after the July 14 deadline, leaving an estimated 2.7 million servers unprotected
- More than half of enterprises (57 percent) do not know when the end-of-life deadline is
- 14 percent of enterprises do not yet have an upgrade plan for WS2K3


Servers, including domain controllers and Web servers, are where most organizations’ critical information resides. So if organizations continue to run Windows Server 2003 without implementing appropriate compensating controls—such as application whitelisting—they will put customer records, trade secrets, and other highly valuable data at risk. Cyber criminals, hacktivists and nation-states prey on unprotected servers, leaving enterprises exposed to potentially catastrophic breaches that can lead to lawsuits, regulatory fines and loss of customer trust.

“The Windows Server 2003 end-of-life deadline must not be taken lightly,” said Chris Strand, PCIP, senior director of compliance and governance for Bit9 + Carbon Black. “But based on the results of this survey, it appears that too many organizations are doing just that. With only about 100 days left until the end-of-life deadline, organizations yet to upgrade must immediately aim to get their WS2K3 systems into a compliant state to eliminate financial, and potential legal, penalties and avoid the brand damage associated with failed audits, data breaches, and noncompliance.”

With the critical role servers play at any enterprise, WS2K3 end of life presents an even greater risk than last year’s Windows XP end of life. Continued operation of unsecured WS2K3 systems can leave organizations exposed to “zero-day forever scenarios”—where new zero-day vulnerabilities are discovered and exploited by attackers and no publicly available patch will ever be provided.

The results indicate that many IT managers are completely unprepared to meet the deadline, leaving their organizations scrambling to find compensating controls or risk being vulnerable to cyber attacks. The risks of running an operating system that can’t be patched are vast, including:

- Breach and data compromise: malware authors can get access to highly confidential information such as critical research and development plans, core business databases, consumer credit card/financial data or patient information.
- Financial penalties: organizations can be fined for failure to pass compliance audits by being in a noncompliant state.
- Loss of privileges: an organization can lose the right to process major credit card transactions and access to business-critical data.
- Damage to corporate brand: often the most devastating consequence, and one that can be difficult to remediate. According to the National Cyber Security Alliance, 60 percent of small and medium businesses that suffer a breach go out of business within six months.


What Organizations Can Do
For enterprises looking to address Windows Server 2003 end of life without upgrading, compensating controls should be considered to keep their systems secure and compliant after Microsoft support ends. Effective compensating controls for organizations without an upgrade plan include: network isolation, application whitelisting, and continuous server monitoring. The report explains each type of control.

Originally launched in 2003, Windows Server 2003 and its 2005 update, Windows Server 2003 R2, are relied upon by thousands of organizations for critical production workloads. There are approximately 9 million WS2K3 systems still in use.

About Bit9 + Carbon Black
Bit9 + Carbon Black provides the most complete solution against advanced threats that target organizations’ endpoints and servers, making it easier to see—and immediately stop—those threats. The company enables organizations to arm their endpoints by combining continuous, real-time visibility into what’s happening on every computer; real-time signature-less threat detection; incident response that combines a recorded history with live remediation; and prevention that is proactive and customizable. More than 1,000 organizations worldwide—from Fortune 100 companies to small enterprises—use Bit9 + Carbon Black to increase security, reduce operational costs and improve compliance. Leading managed security service providers (MSSP) and incident response (IR) companies have made Bit9 + Carbon Black a core component of their detection and response services.

Bit9 and Carbon Black are registered trademarks of Bit9, Inc. All other company or product names may be the trademarks of their respective owners.
