Microsoft Windows Server 2012 is Retiring - What You Need to Know

As long as servers running Windows have been in existence, IT professionals have been haunted by the day when their operating systems will no longer be supported by Microsoft. Whether it’s Windows Server 2000, 2003, or 2008, the inevitable retirement of operating system support is a grim reality that server administrators have to face. The latest operating system to begin making retirement plans as it approaches the end of extended support is Microsoft Windows Server 2012. On October 10, 2023, Microsoft will end extended support for all editions of this operating system.

Companies face significant risks to their cybersecurity and stability if they continue to run an operating system or application after extended support from the vendor has expired. Operating system improvements, bug fixes, and security patches will no longer be provided by Microsoft. This lack of support essentially allows attackers to leverage any new vulnerability, exponentially increasing the chance of a compromise.

For the many organizations still running this venerable version of Windows Server, there are many viable paths that can be followed before October arrives. The following scenarios provide insight into potential options your company can take, each with its own different challenges and possible pitfalls.

Steps you can take to avoid the cyber risk:

• Take no action and continue running Windows Server 2012 without future updates
  • If this dangerous option is the only choice due to extenuating circumstances (e.g., depleted budgets), administrators should do their best to “sandbox” unsupported Windows Server 2012 servers so that they have no contact with the internet, limiting the chance for intrusion.
  • The concerns with following this path should be evident: in the likely event that a future Windows Server 2012 security weakness is identified after Microsoft has ceased issuing updates to address security flaws, the server will be indefinitely susceptible to attack.
• Purchase Extended Security Updates (ESUs) and continue running Windows Server 2012 securely
  • If a business wants to maintain servers that are running Windows Server 2012, and continue patching, up to three years of Extended Security Updates (ESUs) can be purchased from Microsoft.
  • The issue with this option is that pricing for these ESUs is significant and the problem is only temporarily resolved for no more than three years (details and other frequently asked questions can be found at Microsoft’s resource page.)
• Upgrade or migrate to a supported operating system
  • By upgrading Windows Server 2012 to a more modern operating system or migrating applications to a different server running a supported operating system, such as Windows Server 2022, security patches will continue to be issued on a regular basis, thus avoiding the need to purchase ESUs.
  • The concerns related to this option are the licensing costs and the time and resources needed to upgrade or migrate the contents of the server, as well as potential compatibility issues with older applications that may not be able to run on a more modern operating system.
• Migrate the on-premise server to the cloud
  • By moving away from on-premise physical servers and migrating them to an Azure Virtual Machine, Microsoft will provide free ESUs for Windows 2012 for three years after the end of support.
  • The concern of moving Windows Server 2012 from on-premise to a cloud platform is that detailed migration planning is required, as well as experience with licensing and administering servers in a cloud environment.

Making a change to your server operating systems is always a complicated process, so it is imperative that a skilled Managed Service Provider (MSP) or IT consultant is involved with strategizing and implementing these changes.

To further discuss the cybersecurity risks related to unsupported applications and operating systems, contact Kevin Ricci at kricci@citrincooperman.com.