Your Microsoft network is only as secure as your oldest server

It's time to inventory your network to identify systems to replace or migrate away from.

Outdated, obsolete computer systems in need of updating display binary code.
Maxiphoto / Getty Images

Your future IT plans probably include testing and planning on Windows 10 and Windows 11 deployments. You are researching methods for deployment and management including Group Policy and Intune settings. You’ve read about how Windows 10 and Windows 11 have moved to an annual feature release cadence and away from the twice a year cadence.

Your desktop deployments are relatively under control, but where are your server deployments? I’ve seen evidence that recent desktop Windows updates are interacting with older unpatched platforms and causing undue hardship.

IT professionals blame patching, but the real underlying problem is the server platforms you are using for authentication and storage. If you are still using Windows Server 2003 in your network, not only does it provide entry points in your network for attackers, it allows SMB v1 to be deployed in your network. That prevents networks from deploying more secure authentication techniques and the ability to roll out better ways to connect to your network.

I’ve seen network administrators report that when they have a Windows 2003 machine as a print server, printing issues ensued when the recent October and November security updates were applied to Windows 10 workstations (specifically KB5006670 released on October 12, 2021 for Windows 1; 2004, 20H2, 21H1 and 21H2 and KB5007186 released on November 9, 2021 for Windows 10, 2004, 20H2, 21H1 and 21H2). Administrators had to move the print server to a newer patched platform to solve printing issues triggered by the lack of updates on the Server 2003 platform and the deployment of updates on the Windows 10 platforms. I’ve also seen administrators report that older servers such as Server 2008 R2, Server 2008 and Server 2003 caused network file sharing issues if they were paired with Windows 10.

Be aware of server age and security support end dates

Microsoft announced it is expanding the Extended Security Update (ESU) offerings for Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2008 R2 SP1 for Embedded Systems and Windows Server 2008 SP2 for Embedded Systems if running on Microsoft Azure. These platforms will have an additional year of ESUs beginning on February 14, 2023, ending on January 9, 2024. Windows 7, however will maintain the original ESU date of January 10, 2023 for its ESU support window.

To continue reading this article register now

Microsoft's very bad year for security: A timeline