During our monthly vulnerability scans, we’ve recognized a common underlying cause of several issues—outdated server operating systems.
The outdated server installs we see most often are Windows Server 2008 and Windows Server 2008 R2. Support for these operating systems, as well as all 2008 systems, ended in 2020. Official details from Microsoft can be read here. The danger in leaving these servers live without upgrading to a newer OS is twofold. First, the OS no longer receives security updates from Microsoft and could be vulnerable to any security issue. Second, services running on an outdated machine can reach a point where they can't be updated to their latest versions because they are incompatible with the obsolete OS on the server, which further expands your attack surface and weakens your network's security posture.
Keep in mind that while we have used Windows 2008 as an example, any OS that is no longer supported has the same problems. It's also essential to consider that operating systems like Windows 2012 will no longer be supported after Oct 2023. Microsoft has detailed this date here.