XP went end of life nearly a month ago and so far not one vulnerability has hit the headlines. I don’t think it’s a priority for any ne’er-do-well. There are much better pickings to be had from other software that went end of life but without all the fanfare.
This is the official line from Microsoft:
Microsoft will offer a minimum of 10 years of support for Business and Developer products. Mainstream Support for Business and Developer products will be provided for 5 years or for 2 years after the successor product (N+1) is released, whichever is longer. Microsoft will also provide Extended Support for the 5 years following Mainstream support or for 2 years after the second successor product (N+2) is released, whichever is longer. Finally, most Business and Developer products will receive at least 10 years of online self-help support
Believe it or not, there were several products that went End of Support in 2010, but there were no news articles about that. That’s because it’s not as interesting, but it is more worrying. These products went end of support in 2010, which is the same for all the products we are talking about here today.
Server 2003
Server software is the least considered but the most important in any network environment. Ignoring all the tasks such as email, print and file serving, what does it do?
The server is responsible for users and their security. Crack the server and you have everything, and it has always been the target for “Quality hackers”. All your data and emails are here, so get in and the world is your oyster.
Every user should have a password and this is your first defence, but in Server 2003 there was one user that was automatic. That’s the Administrator account; armed with this and some password guessing software, you are in.
The server has several holes that are accessible, and to use these all you need to know is the protocol, username and password. Seems pretty tight, doesn’t it? You need four pieces of information. Well, I have news for you. Nearly every Server 2003 has hole number 3389 open, the protocol is RDP and Server 2003 has the username of Administrator. That’s three out of four now known to hackers, and that’s the easy way in.
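As an added example (not part of the original post), this is one way to spot password guessing against the Administrator account over RDP in an exported Security log. It assumes a CSV export with the columns shown and uses the Server 2003 event IDs 529 (failed logon) and 528 (successful logon) with logon type 10 (RDP); the sample records, function name and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from a real system), in an assumed export
# layout: timestamp, event ID, logon type, account name, source address.
SAMPLE_EVENTS = """\
2014-05-01 02:14:01,529,10,Administrator,203.0.113.7
2014-05-01 02:14:03,529,10,Administrator,203.0.113.7
2014-05-01 02:14:05,529,10,administrator,203.0.113.7
2014-05-01 02:14:09,529,10,Administrator,203.0.113.7
2014-05-01 02:14:12,529,10,Administrator,203.0.113.7
2014-05-01 02:14:20,528,10,Administrator,203.0.113.7
2014-05-01 09:00:10,529,10,Administrator,192.0.2.10
2014-05-01 09:00:40,528,10,Administrator,192.0.2.10
2014-05-01 09:05:00,529,2,jsmith,-
"""

FAILED, SUCCESS = "529", "528"   # Server 2003 logon failure / success IDs
RDP_LOGON_TYPE = "10"            # RemoteInteractive (Terminal Services/RDP)

def find_rdp_guessing(text, account="administrator", threshold=5,
                      window=timedelta(minutes=5)):
    """Return {source: 'guessing' | 'guessing-then-logon'} for sources with
    `threshold` or more failed RDP logons to `account` inside `window`."""
    failures = defaultdict(list)
    alerts = {}
    for line in text.splitlines():
        stamp, event_id, logon_type, user, source = line.strip().split(",")
        if logon_type != RDP_LOGON_TYPE or user.lower() != account:
            continue
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if event_id == FAILED:
            # Keep only failures still inside the sliding window.
            recent = [t for t in failures[source] if when - t <= window]
            recent.append(when)
            failures[source] = recent
            if len(recent) >= threshold:
                alerts.setdefault(source, "guessing")
        elif event_id == SUCCESS and source in alerts:
            # A success after a burst of failures is the case to chase first.
            alerts[source] = "guessing-then-logon"
    return alerts

if __name__ == "__main__":
    for source, verdict in find_rdp_guessing(SAMPLE_EVENTS).items():
        print(source, verdict)
```

A single mistyped password followed by a good logon, like the 192.0.2.10 records, stays below the default threshold and is not reported.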
The server also manages the firewall and all the security, and there will be vulnerabilities: XP was patched a few days ago for one last time, and that patch sorted out three on a system 12 years old.
Really, if you haven’t replaced Server 2003 by now you should be seriously well on the way to planning it, but it’s not that simple, as the licensing costs for small business have gone through the roof to force you on to the cloud, where Microsoft will squeeze three times as much money out of you over five years.
Office 2003
This is not as critical as XP or Server as it does not connect directly to the internet all the time. Although that’s not strictly true: Outlook can get to emails, and as it can run scripts it could be a target, but I doubt it. Word and Excel also do internet searches, but again it’s not that critical. It’s still a good idea to upgrade, as what you can do, and how you do it, has changed a great deal.
Exchange 2003
This is quite critical, as Exchange handles your email out and in and has a whole set of things that can be exploited. If anything, we would have advised clients to upgrade this as a higher priority than XP.
It’s hard to be specific about the threats, as we are not trying to exploit any vulnerabilities, and the first we will know of them is when there starts to be large scale compromising of systems and plenty of breaches of security.
So our advice is that you wouldn’t use an out of date medicine so why risk your business health by taking chances?
Too many businesses are worried about having the latest car or gadget rather than caring about what matters.