Microsoft is set to terminate security updates for Server 2003 on July 14. Unfortunately, many businesses may not be ready for the impending retirement of the highly successful server operating system, according to a report onComputerworld.

Microsoft launched Server 2003 in April 2000, and like the desktop-centric Windows XP, has continued to support it for more than a decade. This practice is now finally drawing to a close.

As we reported previously, businesses still running on Windows Server 2003 are opening themselves up to running afoul of compliance regulations, and increased security risks as the deadline approaches for the end of the support from Microsoft after July 4.

As it is, organizations that continue to run Windows Server 2003 past that date will start to fail standard compliance audits, given that some regulations such as HIPAA, PCI and SOX requires regulated industries to run on supported platforms. In addition, support for some server applications could also be suspended–including all Microsoft applications.

One problem here has to do with how servers are significantly harder to replace than a consumer operating system. Specifically, software that may be running on a Windows 2003-based server may no longer be supported on newer platforms, or the company that installed them could be defunct, or no longer supporting it.

The report on Computerworld cited IDC analyst Al Gillen, who in a recent report on Server 2003 best explained the complexity that companies face.

“Windows Server 2003’s end-of-extended-support deadline is really not about an operating system migration/update. It really is about the entire software ecosystem that remains on Windows Server 2003 today,” said Gillen.

Of course, for companies that intend to continue running their Windows 2003 servers, Microsoft does sell what it calls “Custom Support” plans. Targeted at large enterprises, custom support agreements will see Microsoft providing patches for new security vulnerabilities. However, it is worth noting that such arrangements are known to be extremely costly, and patches will only be released for vulnerabilities rated as “critical”–the highest threat ranking.

Source: fiercecio.com