Aside from the fact that your 2003 versions of Windows Server are probably running on outdated equipment and not performing up to today’s standards, there are three things that can put your operations in jeopardy if you don’t upgrade soon.
First, the world of security breaches has changed, and even though you’ve faithfully applied every available patch since 2003 (you have, right?), the 2012 version is inherently more secure. Hackers know everything there is to know about Windows Server 2003 because they’ve had a decade to explore it and develop ways to get past its inherent weaknesses. One weakness that has since been resolved is the traditional ROM-BIOS boot process, which leaves a space for injection of malicious boot code updates.
Windows Server 2012 replaces the old boot process with the much improved industry-standard boot process called UEFI (Unified Extensible Firmware Interface). With its own hardened version, Microsoft prevents any boot code updates that lack appropriate digital signatures. In addition to UEFI, Windows Server 2012 includes an additional level of security through its Secure Boot feature. Taken together, this combination significantly reduces risks like rootkits and boot viruses that have the potential to take control of the operating system.
Secondly, while Windows Server 2003 may still be performing for you, Microsoft has stopped issuing patches for the OS, which leaves your instances highly vulnerable to new security threats. Hacking strategies include the ability to load malware into the OS just after boot and before any anti-malware has been launched. In Windows Server 2003, anti-malware programs are treated the same as other applications, and loaded along with all other programs in the startup sequence.
Windows Server 2012 (along with all current Windows OSs) includes the ELAM (Early Launch Anti-Malware) feature, which loads legitimate anti-malware programs immediately after Secure Boot completes and before any standard programs. This closes another gap in the boot sequence, one that allowed a process termed interrupt or vector chaining, which can be used to launch external code without proper validation or consent.
The third advance for Windows Server 2012 is full implementation of BitLocker drive encryption. While BitLocker was previously available as a boot-time option that required an admin to be present to enter a PIN each time the server started up, it now launches transparently at boot time. This is a great advantage for lights-out server environments and automated reboots. The version of BitLocker for Windows Server 2012 also supports hardware-encrypted disks and provides highly granular control. These advances make disk encryption much easier for admins to enable, and simplifying a task makes it all the more likely that it will be executed properly and consistently.
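To confirm that an upgraded server is actually using the three protections described above, the following PowerShell example (added here, not part of the original article) reports Secure Boot state, the ELAM boot-start driver policy, and BitLocker status on the system drive. The function name `Get-BootProtectionStatus` is hypothetical, and the script assumes an elevated prompt on Windows Server 2012 or later.

```powershell
# Added example: audit Secure Boot, ELAM policy and BitLocker on one host.
# Get-BootProtectionStatus is a hypothetical name chosen for this example.
function Get-BootProtectionStatus {
    $result = [ordered]@{}

    # 1. Secure Boot: returns $true/$false on UEFI firmware and throws on
    #    legacy BIOS systems or when the session is not elevated.
    try {
        $result.SecureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        $result.SecureBoot = 'Unavailable (legacy BIOS boot or not elevated)'
    }

    # 2. ELAM: the "Boot-Start Driver Initialization Policy" Group Policy
    #    setting is stored in this key; if absent, the OS default applies.
    $elamKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    $names = @{ 8 = 'Good only'; 1 = 'Good and unknown'
                3 = 'Good, unknown and bad but boot critical'; 7 = 'All' }
    $policy = (Get-ItemProperty -Path $elamKey -Name DriverLoadPolicy `
                   -ErrorAction SilentlyContinue).DriverLoadPolicy
    $result.ElamDriverPolicy = if ($null -eq $policy) { 'Not configured (OS default)' }
                               elseif ($names.ContainsKey([int]$policy)) { $names[[int]$policy] }
                               else { "Unrecognized value $policy" }

    # 3. BitLocker: the cmdlet exists only when the BitLocker feature is
    #    installed. A TpmPin protector means a PIN is required at boot;
    #    Tpm alone means the volume unlocks without operator input.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
        $result.BitLockerProtection = "$($os.ProtectionStatus)"
        $result.BitLockerProtectors = ($os.KeyProtector |
            ForEach-Object { $_.KeyProtectorType }) -join ', '
    } else {
        $result.BitLockerProtection = 'BitLocker feature not installed'
    }

    [pscustomobject]$result
}

Get-BootProtectionStatus | Format-List
```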
There are more reasons to upgrade, but these should be sufficiently compelling to motivate you. What are the strongest reasons you’ve found to bring your servers up to Windows Server 2012?