Old Windows Server machines can still fend off hacks. Here's how

Many businesses still use Windows Server 2003, even as Microsoft no longer supports the OS

If you're running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.

That's due to the internet release earlier this month of a batch of updates that paint a bulls-eye on computers running Windows Server 2003, according to security researchers.

“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”

Experts are urging affected businesses to upgrade to the latest Windows OSes, which offer security patches that can address the threat.

But some, particularly those in manufacturing and healthcare, cannot because they rely on legacy software that won't run on a modern operating system.

“It’s usually very costly to upgrade,” he said. “And again, the machine is working fine, but control has to be done through Windows Server 2003.”

There may be over 500,000 Windows Server 2003 machines publicly exposed to the internet, according to Shodan, a search engine for devices. But Williams estimates there are many more vulnerable machines running behind company firewalls.

So, for those that can’t, here are some tips to keep your old Windows Server 2003 machine secure.

The danger

The spying tools include several Windows-based exploits, or hacking programs, that target the Windows Server Message Block (SMB) protocol, which is used for file-sharing purposes. The exploits work by remotely triggering the OS to execute code, which can be used to install other malware.

Network segmentation and monitoring

Companies saddled with older Windows Server machines can still protect themselves. Williams suggests they go beyond putting vulnerable servers behind a firewall, and use a tactic called network segmentation.

This can involve restricting access to your most critical servers, and ensuring only system admins can control them. “So instead of giving 20,000 people in a company access, you can cut that number down to 20,” Williams said.

Thus, if hackers ever do breach the firewall, they’ll have access to a smaller segment of the corporate network.

Network segmentation also doesn’t cost a lot of money. Enterprise internet routers often contain access control features that can limit which computers can talk to what, Williams said.

Businesses should also consider monitoring the vulnerable servers, or at least the ones carrying critical information. Any unusual data traffic moving through them is probably a sign they’ve been hacked, he said.

Weighing the risks

To keep malicious activity out of vulnerable systems, application whitelisting can also be used, said Jason Leitner, president of Below0Day, an IT security provider.

Whitelisting works by allowing only trusted applications to run on a computer. It’s the opposite approach of antivirus products, which essentially blacklists malicious programs based on known indicators.

Businesses can also create backups of any sensitive data stored in these machines. One malicious threat that’s been growing in recent years has been ransomware. It works by infecting a computer, and encrypting all the data inside. To free the machine, victims have to pay a ransom, usually in bitcoin.

However, even with these safeguards, the best solution to protecting a vulnerable Windows Server system is to upgrade, according to security experts.

Although it might be costly in the short-term, the investment can help businesses avoid a disastrous data breach. Tiago Henriques, CEO of security firm BinaryEdge, encourages businesses to calculate which is higher: “The cost of buying the upgrade or the damage to their brand and their clients if they get hacked?”

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?