How we discovered outdated Windows Servers

October 9, 2023
By: Finn van der Knapp
7 March 2024

Introduction

Managing servers is the process of taking care of computer systems to make sure they run smoothly and stay protected. In this blog post, we show the dangers of running outdated operating systems, explain how we located such outdated servers using EDR tools, and describe what you should do when your system nears its expiration date. We focus on servers running Windows Server 2012, an operating system that will become end-of-life on October 10, 2023, but is still widely used [1].

Why identifying outdated systems is important

Finding and managing outdated servers is important to keep your systems safe and running smoothly. When an operating system becomes end-of-life (EOL), it stops receiving security updates, which can make it vulnerable to threats. This means that any vulnerability discovered after the EOL date will not be patched, leaving your server exposed to potential attacks. One example of a critical vulnerability affecting an EOL product is "EternalBlue." It affects older versions of Windows such as Windows XP. Even though Windows XP was no longer supported, the seriousness of the vulnerability prompted Microsoft to release a patch to fix it. However, this is the exception rather than the rule.

EternalBlue was a series of vulnerabilities that affected Microsoft's SMBv1 protocol, which was also used in various non-Microsoft products. The flaw allowed an attacker to send a specific message to the server to execute code on it. EternalBlue was used by a ransomware gang to infect systems, and within 24 hours, 230,000 systems were infected with ransomware called WannaCry. This event is known today as the most damaging ransomware attack ever.

Another significant vulnerability to highlight is "ZeroLogon," which can be exploited to compromise Windows servers, especially Domain Controllers. The ZeroLogon vulnerability allows attackers to ‘remove’ or change passwords from important accounts in the domain. At Eye Security we have seen multiple compromises as a result of this attack on a Domain Controller. While systems received updates for ZeroLogon, we see that when these kinds of vulnerabilities are discovered in older operating systems (which are EOL), it becomes almost trivial to take control of a target environment.

These are just two examples of why it is so essential to proactively identify and address outdated servers to mitigate the risk of unpatched vulnerabilities and ensure the ongoing security of your infrastructure.

Security improvements

It's important to consider the security improvements in newer versions of Windows Server, like Windows Server 2022. It offers better security features and better default settings than older versions. These enhancements provide a stronger basic level of security from the start, safeguarding your server infrastructure against potential risks. Keeping your systems updated and transitioning to supported versions of Windows Server on a regular basis helps ensure ongoing security and stability.

Over the last 5 years, there has been a significant rise in critical vulnerabilities found in Windows Server 2012. This year alone, 126 vulnerabilities resulting in code execution and another 94 privilege escalation vulnerabilities have already been identified. It’s easy to imagine that as soon as Windows Server 2012 reaches its EOL status, even more vulnerabilities will be identified, stay unpatched, and become actively exploited.

How EDR solutions helped

We have different types of EDR solutions rolled out in our customers’ infrastructures to monitor their networks and to protect against threats. One of these tools is CrowdStrike, which provides an interface for a structured view of devices. Through this, we are able to identify the Operating System version of any onboarded Windows Server and identify possible EOL versions. Identifying EOL servers is an ongoing process. Therefore, in addition to this large-scale search, we also inform customers about their EOL servers during their periodic security advisory meetings.
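
As an added illustration of the inventory check described above (not Eye Security's tooling and not a CrowdStrike API), this Python example classifies hosts from an exported device list by support status. The CSV columns, the host names and the 180-day warning window are assumptions; only the Windows Server 2012 date comes from this post.

```python
import csv
import io
import re
from datetime import date

# End-of-support dates per release. The 2012/2012 R2 date is the one in this post; the
# others are Microsoft's published dates as assumed here (verify on the lifecycle pages).
EOL_DATES = {
    "2008": date(2020, 1, 14), "2008 R2": date(2020, 1, 14),
    "2012": date(2023, 10, 10), "2012 R2": date(2023, 10, 10),
    "2016": date(2027, 1, 12), "2019": date(2029, 1, 9), "2022": date(2031, 10, 14),
}

# Constructed sample export; the column names are hypothetical, not a vendor schema.
SAMPLE_EXPORT = """hostname,os_version
dc01,Windows Server 2012 R2
files02,Windows Server 2012
app03,Microsoft Windows Server 2019 Standard
web04,Windows Server 2022
legacy05,Windows Server 2008 R2
ws-114,Windows 10
odd06,Windows Server
"""
RELEASE_RE = re.compile(r"windows server\s+(\d{4})(\s+r2)?", re.IGNORECASE)

def classify(os_version, today, warn_days=180):
    """Return (release, status); status is eol, near_eol, supported, unknown or not_server."""
    if "windows server" not in os_version.lower():
        return None, "not_server"
    m = RELEASE_RE.search(os_version)
    release = m.group(1) + (" R2" if m.group(2) else "") if m else None
    eol = EOL_DATES.get(release)
    if eol is None:
        return release, "unknown"  # unparseable or unlisted release: review by hand
    days_left = (eol - today).days
    if days_left < 0:
        return release, "eol"
    return release, "near_eol" if days_left <= warn_days else "supported"

def audit(export_text, today):
    """Group (hostname, release) pairs by support status, skipping non-server hosts."""
    report = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        release, status = classify(row["os_version"], today)
        if status != "not_server":
            report.setdefault(status, []).append((row["hostname"], release))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, date(2023, 10, 9)))
```

Hosts that land in the "unknown" bucket matter as much as the "eol" ones: an OS string the check cannot parse is a server whose support status nobody has confirmed.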

What should you do if you receive an EOL notification?

If you receive an email notifying you that you are running an almost EOL server, here's what you should do:

  1. Seek professional assistance: If you're unsure about what to do or need assistance, it's a good idea to talk to IT professionals or your internal IT team. They can help guide you, make sure the transition goes smoothly and answer any questions or concerns you may have.
  2. Check compatibility: Make sure that the software or applications you're running on the server will work on newer server versions. You can check the documentation or contact the software provider for guidance.
  3. Back up important data: Before making any changes, make sure to back up all your important data and settings. This means creating copies of valuable information to keep it safe in case anything unexpected happens during the transition.
  4. Upgrade to supported versions: We recommend considering an upgrade to either Windows Server 2019 or Windows Server 2022, as these are the latest versions that offer extended support and security updates. [2]
  5. Consider cloud solutions: Additionally, you may want to explore the option of migrating to cloud-based solutions. Cloud platforms offer scalability, flexibility, and convenience. Moving your servers to the cloud can simplify maintenance and reduce hardware costs.

Conclusion: it’s critical to continuously monitor your infrastructure for gaps

Software and operating systems are constantly evolving. Those that are no longer maintained may be hiding unmitigated security vulnerabilities within your business. Identifying outdated software and operating systems should therefore be an ongoing process. By proactively assessing the software vulnerabilities and EOL operating systems within your infrastructure, we increase the security posture of your infrastructure and your resilience against cyber threats.

Further reading

[1] https://learn.microsoft.com/en-us/lifecycle/announcements/windows-server-2012-r2-end-of-support

[2] https://learn.microsoft.com/en-us/windows-server/get-started/upgrade-overview
