Security Research
Showing results for 
Search instead for 
Do you mean 

Life after Windows Server 2003: Ready or not, here it comes

Dustin_Childs ‎02-02-2015 10:15 AM - edited ‎02-02-2015 03:34 PM

In January 2015, Microsoft released a patch to fix an issue in the Network Location Awareness (NLA) service. That vulnerability affects all versions of Windows Server, but a fix was not provided for the Windows Server 2003 platform. As stated in the bulletin, “The architecture to properly support the fix provided in the update does not exist on Windows Server 2003 systems, making it infeasible to build the fix for Windows Server 2003.” What they are really saying is that Windows Server 2003 is so different from modern systems, they simply cannot fix the NLA service issue on that platform. As a result, Windows Server 2003 remains vulnerable to what Microsoft deems an important-class issue.


This inability to patch highlights the differences in operating system (OS) architectures between modern OSes and an OS now over eleven years old. While this patch alone should not push enterprises to move away from the OS, the impending end of support for this OS should have businesses thinking about what comes next for their remaining Windows Server 2003 deployments.


HPSR knows that security folks understand the dangers of clinging to operating systems and applications that are out of support – and we also know that they sometimes need to make the case to others in the organizations.


To that end, we’ve put together a short (five-page) white paper covering what end-of-support for Windows Server 2003 means and doesn’t mean. We detail the substantial differences in defense-in-depth protections between Windows Server 2003 and an OS released when Friends was still on the air and not on Netflix. Finally, we walk through the options for life after end-of-support – including reconsidering your company’s Microsoft relationship, or doing nothing at all. If you are still running Windows Server 2003, you have some decisions to make soon; we’re here to help.

0 Kudos
About the Author


I am a senior security content developer with Hewlett Packard Enterprise Security Research. In this role, I write and edit security analysis and supporting content from researchers. I am also responsible for providing insight into the threat landscape; competitive intelligence to the research team; and providing guidance on the social media roadmap. Part of my role includes speaking publicly and promoting the research and technology of HPE Enterprise Security Products .

Servicing Stop
on ‎07-23-2015 04:46 AM

Really interesting stuff, thanks alot for the information.

June 6 - 8, 2017
Las Vegas, Nevada
Discover 2017 Las Vegas
Join us for HPE Discover 2017 in Las Vegas. The event will be held at the Venetian | Palazzo from June 6-8, 2017.
Read more
Apr 18, 2017
Houston, TX
HPE Tech Days - 2017
Follow a group of tech bloggers for a new HPE Tech Day, a full day of sessions about how to create a hybrid IT, from hyperconverged to Composable Infr...
Read more
View all
//Add this to "OnDomLoad" event