– by Ian Trump, Maxfocus.com
Before Christmas we unleashed a flurry of articles about the potential for Windows Server 2003 to become extremely vulnerable to hackers once patches stop.
It turns out this is happening a little earlier than anyone anticipated, at least for this vulnerability. A 15-year-old bug that allows malicious code execution in all versions of Windows has just been patched by Microsoft, but not for Windows 2003.
The new vulnerability – which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug – is another sign of things to come for Windows 2003: “The Abandonment”.
As MAXfocus Security Lead for LogicNow, my role is to help identify and anticipate areas of potential harm for the MSP community and, by extension, the customers of MSPs worldwide. Months ago we were alarmed at the number of Windows Server 2003 platforms still in operation, and although many MSPs are moving their customers along the upgrade path, many folks are more cavalier. Disclosure of this issue is the first in a long line of potential exploits that will target this operating system’s exposed, Internet-facing services.
Complacency is simply not an option – action must be taken before Windows 2003 systems are compromised by cyber criminals.