Microsoft is once again putting sales ahead of customer security, although this time it is for a 10 to 14 year old operating system which they officially pulled the plug on almost two years ago. Sadly, the end of support did not have any impact on the infrastructure budget allocations of tens of thousands of businesses, and so Server 2003 remained in use. Security researchers spotted an attack last year which exploits a vulnerability in IIS WebDAV that allows a buffer overflow attack to succeed. Predictably, Microsoft's answer is that you should buy a brand new server OS, with hardware upgrade costs likely to be required as well. Thankfully, there is a patch available from a third party, which you can check out over at The Register.
It is a dream, but perhaps this might convince some bean counters that an infrastructure upgrade might be a reasonable investment.
"Microsoft will not patch a critical security hole recently found and exploited in IIS 6 on Windows Server 2003 R2 – the operating system it stopped supporting roughly two years ago."
Here is some more Tech News from around the web:
- How to leak data from an air-gapped PC – using, er, a humble scanner @ The Register
- Galaxy S8 face recognition already defeated with a simple picture @ Ars Technica
- Brit inventor beats Elon Musk to it and builds a real-life Iron Man suit @ The Inquirer
- Your Save Data Is Not Safe On the Nintendo Switch @ Slashdot
Time for some Linux converts because Windows Server 2003 R2 is EOL. Let the thousands of businesses that are still using Windows Server 2003 R2 pool their resources and transition to Linux and avoid the M$ Noid!
How many years are they supposed to wait? They’ve been warning businesses for years about this.
Linux isn’t any better in this regard; anyone who claims otherwise is fooling themselves. There are no Linux distributions that have such long support time frames. Even the LTS Linux kernel forces you to update and upgrade more often.
That is the trade-off that businesses have to make. You can spend more labor time on a Linux server, but you have free upgrade paths that continually work. I’ve got one Linux server out there that has been walked through upgrades both of hardware/software (it is now a VM) since 2001. It will likely end up outliving me!
If a business uses MS products, it needs to plan on a 3-8 year replacement window, depending on where the server OS is in its life cycle.
That said, I know companies that are still running NT4.0 and have to effectively pirate it since there are no licenses for it (MRI machine and scanning electron microscope).
Sad and very true.
This is true. Companies need to realize that they need to invest in specialists who update environments. Security is too much of an issue to be on a 15 year old OS.
Large enterprises do not see it that way, security costs money for no return and once a breach happens they figure the damage is already done and there is no return in upgrading security; lather, rinse, repeat.
Even smaller ones, like that certain adultery site, take the same stand and are vindicated as all their customers forget about what happened after a month or three and happily go back to forking over money.
It's surreal to watch happen.
In no way is this Microsoft’s problem. That’s like blaming Ford for not replacing your 2003 ragtop convertible with a hardtop because people can break in too easily through the crusty weatherstripping.