[SECURITY-L] TA14-310A: Microsoft Ending Support for Windows Server 2003 Operating System

CSIRT - UNICAMP security em unicamp.br
Seg Nov 10 12:27:41 -02 2014 

-------- Forwarded Message --------
Subject: 	TA14-310A: Microsoft Ending Support for Windows Server 2003
Operating System
Date: 	Mon, 10 Nov 2014 07:16:22 -0600
From: 	US-CERT <US-CERT em ncas.us-cert.gov>
Reply-To: 	US-CERT em ncas.us-cert.gov
To: 	daniela em ccuec.unicamp.br



TA14-310A: Microsoft Ending Support for Windows Server 2003 Operating
System

NCCIC / US-CERT

National Cyber Awareness System:

TA14-310A: Microsoft Ending Support for Windows Server 2003 Operating
System <https://www.us-cert.gov/ncas/alerts/TA14-310A>
11/10/2014 07:19 AM EST

Original release date: November 10, 2014


      Systems Affected

Microsoft Windows Server 2003 operating system


      Overview

Microsoft is ending support for the Windows Server 2003 operating system
on July 14, 2015.[1]
<http://support2.microsoft.com/lifecycle/search/default.aspx?alpha=Windows+Server+2003+R2>
After this date, this product will no longer receive:

  * Security patches that help protect PCs from harmful viruses,
    spyware, and other malicious software
  * Assisted technical support from Microsoft
  * Software and content updates


      Description

All software products have a lifecycle. End of support refers to the
date when Microsoft will no longer provide automatic fixes, updates, or
online technical assistance.[2]
<http://support2.microsoft.com/gp/lifepolicy> As of July 2014, there
were 12 million physical servers worldwide still running Windows Server
2003.[3]
<http://redmondmag.com/articles/2014/09/18/server-2003-end-of-support.aspx>


      Impact

Computer systems running unsupported software are exposed to an elevated
risk to cybersecurity dangers, such as malicious attacks or electronic
data loss.

Users may also encounter problems with software and hardware
compatibility since new software applications and hardware devices may
not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they
are no longer able to satisfy compliance requirements while running
Windows Server 2003.


      Solution

Computers running the Windows Server 2003 operating system will continue
to work after support ends. However, using unsupported software may
increase the risks of viruses and other security threats. Negative
consequences could include loss of confidentiality, integrity, and or
availability of data, system resources and business assets.

The Microsoft "Microsoft Support Lifecycle Policy FAQ" page offers
additional details.[2] <http://support2.microsoft.com/gp/lifepolicy>

Users have the option to upgrade to a currently supported operating
system or other cloud-based services. There are software vendors and
service providers in the marketplace who offer assistance in migrating
from Windows Server 2003 to a currently supported operating system or
SaaS (software as a service) / IaaS (infrastructure as a service)
products and services.[4
<http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/>,5
<http://searchwindowsserver.techtarget.com/feature/Weighing-next-steps-following-Windows-Server-2003-end-of-life>]
US-CERT does not endorse or support any particular product or vendor.


      References

  * [1] Microsoft Product Lifecycle Listing
    <http://support2.microsoft.com/lifecycle/search/default.aspx?alpha=Windows%20Server%202003%20R2>
  * [2] Microsoft Support Lifecycle Policy FAQ
    <http://support2.microsoft.com/gp/lifepolicy>
  * [3] Redmond Magazine, Prepare for Windows Server 2003's End of
    Support
    <http://redmondmag.com/articles/2014/09/18/server-2003-end-of-support.aspx>
  * [4] Windows Server 2003 Migration Support
    <http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/>
  * [5] TechTarget, Weighing next steps following Windows Server 2003
    end-of-life
    <http://searchwindowsserver.techtarget.com/feature/Weighing-next-steps-following-Windows-Server-2003-end-of-life>


      Revision History

  * November 10, 2014: Initial Release

------------------------------------------------------------------------

This product is provided subject to this Notification
<http://www.us-cert.gov/privacy/notification> and this Privacy & Use
<http://www.us-cert.gov/privacy/> policy.

------------------------------------------------------------------------
OTHER RESOURCES:
Contact Us <http://www.us-cert.gov/contact-us/> | Security Publications
<http://www.us-cert.gov/security-publications> | Alerts and Tips
<http://www.us-cert.gov/ncas> | Related Resources
<http://www.us-cert.gov/related-resources>

STAY CONNECTED:
Sign up for email updates
<http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new>

------------------------------------------------------------------------

Mais detalhes sobre a lista de discussão SECURITY-L