End of Life
End Of Life
Want this Briefing document as a PDF Click HERE
This is the last year of extended support for a number of
Microsoft products. After that time these products will no longer have security
updates by Microsoft and so become an increasing risk to your company as
malware targets newly discovered weaknesses of these older systems.
The risk to your company will increase as time goes by when
exploits are found and activated in the wild. Your antivirus software, if it
has Internet security components will mitigate but not eliminate these risks.
Small Business Server 2003
Already some components of this operating system have dropped
out of support. The SQL database and SharePoint components expire from support
in April and June 2013 respectively. While the SQL and Sharepoint components
are possible avenues of attack the greater risk is the Exchange email system
set to expire from support in April 2014.
The Exchange email system is one of the portals into your
company. Good Exchange aware antivirus can assist in protection but exploits of
the email system are inevitable.
Our advice is that you should be budgeting to update this
software and possibly hardware to the latest version as soon as possible.
Windows XP Service Pack 3
Service Pack 3 is the last version of XP that is available.
This operating system was first released in August 2001 so is coming up to 12
years old. Microsoft has decided to cease support for this operating system on
the date shown above. Avenues of attack on user machines are generally through
the Internet Browser but also through crafted Trojans aimed at weaknesses of
the operating system. You should start to arrange an upgrade of these machines
to Windows 7 or later and speak to us about strategies for maintaining these
machines in the interim. These strategies can include:
Checking they are upgraded to the last version
of XP Service Pack 3 you can do this by right clicking on the My Computer Icon
and going to the Properties menu item.
If Internet access is not required then arrange
to have these machines removed from Internet access.
If email is not required on that machine remove
the email client.
Make sure antivirus is up to date on those
Check that all security updates have been
applied to the machine.
Arrange to remove install rights from users on
those machines; this will slow the ability for Malware to install itself.
Our staff can assist
you with an audit to determine the level of risk and update status.
Office 2003 includes Outlook so if you are using the Outlook
email package from that version you are at risk. Email is one of the most
common attack vectors, usually by Social engineering methods. We have all seen
the Click Here you have Won $5000 etc type of Phishing email. Less common
exploits that are in the wild use Excel spread sheets, PowerPoint presentations
and Word documents that are crafted to install malware.
After this version of Office will fall out of support these
methods of attack are likely to get more frequent. Mitigation options are:
Remove Outlook from machines that do not need
Make sure all Office updates have been done;
this is a temporary band aid.
If a machine does not require Office remove it
from the machine.
Upgrade to Office 2010 or later.
If you do not require Outlook then use one of
the Free Office suites such as LibreOffice. Note while the files produced by
LibreOffice are compatible with Microsoft Office sometimes minor formatting
variations can occur.
Our staff can assist
you with an Office replacement/upgrade program.
Give us a call: 1300