What Does End of Support for Windows Server 2003 and SQL Server 2005 Mean for Your IT?

October 23, 2014
Editorial Staff


End of support (EOS) is quite self-explanatory – Microsoft will release no more updates to maintain the security of Windows Server 2003 and SQL Server 2005. As critical vulnerabilities are detected in these older OS/application platforms, no fix will be available to resolve them.


Some Alarming Statistics on the Current Sprawl of Windows Server 2003

According to a January 2014 survey conducted by Microsoft, an estimated 22 million instances were still running on Windows Server 2003. As of this article's publication date, those 22 million instances have only 264 days to migrate, which is especially alarming since the migration process typically takes between 200 and 300 days, depending on the complexity of the server sprawl.

The same survey of IT professionals produced some interesting results:

  • 75% of respondents were aware of WS2003 EOS
  • 94% agree that EOS is a significant issue for their current IT strategy
  • 96% of respondents were likely to upgrade within the next 18 months
  • 81% will upgrade about 50% of WS2003 instances

The last 2 statistics are particularly interesting, as they imply IT administrators will knowingly remain non-compliant. With 264 days of support left, 18 months extends far beyond that window, and upgrading 50% of instances still leaves the other 50% non-compliant.


Defining the Two Types of Support

Microsoft offers 2 types of support – Mainstream Support and Extended Support.

Mainstream Support typically occurs for 4 years after the release of a product. In the case of WS2003, support ended July 2010; and in the case of SQL 2005, support ended April 2011. Mainstream Support includes:

  • Paid incident support
  • Security updates
  • No-charge incident support
  • Non-security hotfix support
  • Design changes/feature requests
  • Warranty claims

After the 4-year window of Mainstream Support, Microsoft offers Extended Support, which includes only a select few of the Mainstream Support options, many of which now come with a price tag where the same support was previously free. WS2003 is nearing the end of its Extended Support phase, which officially ends July 14, 2015, while SQL 2005 Extended Support ends April 12, 2016. Extended Support includes:

  • Security updates
  • Paid per-incident support
  • Ongoing use of the Microsoft Knowledge Base

Mainstream Support items not included in Extended Support:

  • Non-security hotfix support (unless purchased by customer)
  • Design changes and feature requests
  • No-charge incident support

Microsoft does offer custom support contracts after the conclusion of Extended Support, albeit at a significant price. In addition, customers using this support MUST demonstrate that they are making an active effort to migrate off these expiring platforms.

Impact of Remaining on Unsupported Systems

Right out of the gate, by remaining on an unsupported system, your IT is automatically non-compliant. This is especially bad for healthcare, government, financial, and publicly traded agencies, as the negative spotlight of a publisher audit will coerce competing publishers to conduct their own audits, since non-compliance with one publisher often indicates a lack of management across all publishers.

Take Personal Credit Information (PCI), for example. Every online purchase/e-commerce interaction requires the use of a credit card, but if an online retailer operates on an expired WS2003 server, then VISA, Mastercard, etc. will fail during the transaction as they’re regulated by federal PCI guidelines.

Likewise, modern software released by many independent software vendors (ISVs) will be incompatible with an EOS IT infrastructure. Since these applications all operate on on-premise/virtualized hardware, there will be no “safe haven” for operating your IT, since the hardware will also be non-compliant.


Perhaps an organization decides to remain on WS2003 because it has found a 3rd party solution provider that supports outdated servers. This is a viable option, but relying on these 3rd party specialists is exponentially more expensive than migrating to modern hardware. Furthermore, IT will constantly remain behind, causing issues for future updates as well as for employee morale, since staff will remain at the mercy of the 3rd party vendor's schedule. Refer to the above statistic “94% agree that EOS is a significant issue for their current IT strategy” – if the organization doesn’t take IT seriously, then why should IT take their responsibilities seriously?
