At the end of October 2014, 18% of desktop computers and laptops were still running Windows XP, an operating system that reached end of life more than 6 months previously. Given that there hasn’t been some sort of vast outbreak of viruses and malware since patch Tuesday no longer worked with these computers, some people have wondered if there will really be a problem with them continuing to use Windows Server 2003 after its EOL date on 14 July 2015.
Computers with Windows Server 2003 installed will continue to function after 14 July 2015. They might have some sort of message that pops up reminding you that they are unsupported, but they’ll still run the services and applications that they ran on the 13th of July 2015.
What will be different is that there won’t be any more software updates. That means that if something like the recent SSL 3.0 vulnerability happens after that date, there won’t be an emergency patch released by Microsoft for Windows Server 2003 to close that vulnerability. As we’ve seen with several recent well known vulnerabilities such as heartbleed and shellshock, there can be widely exploitable vulnerabilities in code that’s been around for a long time. If you’re running Windows Server 2003 after 14 July 2015, don’t expect a fix to appear for the operating system even if a widely publicized vulnerability appears.
Application vendors will also pull support for Windows Server 2003. That means that your current applications will run, but that future versions won’t. It will also mean that any updates written for applications that currently run on Windows Server 2003 may not be tested for Windows Server 2003 after 14 July 2015. Applying a new update after that time may cause more problems than it solves.
Then there’s the compliance issue. While most systems administrators don’t spend much time thinking about compliance, much legislation is very specific about whether organizations are meeting their responsibilities if they are running unsupported software.
In later blog posts I’ll go into more detail around some of these issues. The main take away is that yes, while a computer running Windows Server 2003 will still function after 14th July 2015, there are many reasons why you wouldn’t want to be using one that did.