Upgrade Your End-of-Support Microsoft Products as Soon as Possible

If your refrigerator supplier stops providing maintenance services, will you “ignore it” and let the refrigerator’s fresh-keeping and refrigeration functions gradually disappear to become a hotbed for gems? Likewise, the security risks you face will only increase if you stick to computer operating systems and programs that no longer receive any official patches, technical support, and security updates.

Release Date: 19 Jan 2023 5878 Views

In November last year, Microsoft announced that a series of products including Microsoft Office 2013, Windows Server 2012 and 2012 R2 will reach the end of support (EOS) this year ^[1][2]. However, according to the latest data from third-party search engine ^[3], as of January 2023, there are around 97,000 computers in Hong Kong that are still running on Windows Server 2012 and 2012 R2.

Source: https://www.shodan.io/

Risks of Using End of Support Applications and Operating Systems:

Since EOS Applications and Operating Systems (OSs) will no longer receive any patches, technical support, and security updates, whenever new security vulnerabilities appear, hackers and malware are easier to infiltrate, leading to a higher risk of a data breach;
Running EOS applications and OSs might lead to software compatibility issues; and
Due to compliance regulation and system security policy of specific industries, using the EOS OSs might not be certified or lead to compliance issues

HKCERT’s Security Advice:

Related users should plan and upgrade their operating systems to supported versions as soon as possible, (e.g., Microsoft Office LTSC 2021/ 365 and Windows Server 2022).
For those already with plans to upgrade their operating systems, but unable to do so before the deadline, they can purchase Extended Security Updates (ESU) service from Microsoft to secure extra time, if applicable^[4]. For example, users of Windows Server 2012/R2 who have purchased ESU services can still receive critical and important security updates until 13 October 2026.
Migrate to Cloud Virtual Machines (some cloud service providers will provide ESU for 3 years after the end of support); and
For legacy applications that are not compatible with the supported OS version or patches provided by the ESU service, placing the related system on an isolated network is recommended. System administrators should source an alternative application compatible with the supported OS version.

Users can refer to the following table to view the end-of-support date of the relevant products. For other details, please refer to the official announcement. (* applicable to Extended Security Update program)

Product	End of Support
Dynamics AX 2012 R3 Dynamics NAV 2013 Dynamics NAV 2013 R2 Internet Information Services (IIS), IIS 8.5 on Windows 8.1 Microsoft Diagnostics and Recovery Toolset 8.0 Microsoft Report Viewer 2012 Runtime Microsoft Report Viewer Redistributable 2012 Service Bus for Windows Server User Experience Virtualization (UE-V) 1.0 Visual Studio 2012 Visual Studio Team Foundation Server 2012 Windows 7, Extended Security Update Year 3* Windows 8.1 Windows Defender For Windows 8 and 8.1 Windows Embedded 8.1 Pro Windows RT Windows Server 2008, Extended Security Update Year 3 Windows Server 2008 R2, Extended Security Update Year 3 Workflow Manager 1.0	January 10, 2023
Access 2013 Dynamics GP 2013 Dynamics GP 2013 R2 Excel 2013 Exchange Server 2013 HPC Pack 2012 HPC Pack 2012 R2 Lync 2013 Microsoft Lync Phone Edition Microsoft Lync Server 2013 Microsoft Office 2013 Microsoft OneNote 2013 Outlook 2013 PowerPoint 2013 Project 2013 Project Server 2013 Publisher 2013 SharePoint Foundation 2013 SharePoint Server 2013 Skype for Business 2015 Visio 2013 Word 2013	April 11, 2023
BizTalk Server 2013 BizTalk Server 2013 R2 Dynamics 365 for Customer Engagement Apps, version 9 (on-premises update), Original Release (ver 9.0) Microsoft BitLocker Administration and Monitoring 2.0 Microsoft SQL Server 2008, Extended Security Update Year 4 (Azure only) Microsoft SQL Server 2008 R2, Extended Security Update Year 4 (Azure only) Microsoft SQL Server 2012, Extended Security Update Year 1 Visual Studio 2022 , Version 17.0 (LTSC channel) Windows Embedded 8 Standard Windows Embedded 8.1 Industry	July 11, 2023
Excel 2019 for Mac Hyper-V Server 2012 Hyper-V Server 2012 R2 Internet Explorer 7 Internet Information Services (IIS), IIS 8 on Windows Server 2012 Internet Information Services (IIS), IIS 8.5 on Windows Server 2012 R2 Microsoft Office 2019 for Mac Microsoft Office Audit and Control Management Server 2013 Outlook 2019 for Mac PowerPoint 2019 for Mac Windows Embedded Compact 2013 Windows Embedded POSReady 7, Extended Security Update Year 2* Windows Embedded Standard 7, Extended Security Update Year 3* Windows MultiPoint Server 2012 Windows Server 2012 Windows Server 2012 R2 Windows Server Update Services for Windows Server 2012 Windows Server Update Services for Windows Server 2012 R2 Windows Storage Server 2012 Windows Storage Server 2012 R2 Word 2019 for Mac	October 10, 2023

Reference:

[1] https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

[2] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2012-reaches-end-of-support-in-october/

[3] https://www.shodan.io/

[4] https://learn.microsoft.com/en-us/lifecycle/faq/extended-security-updates

Share with

Analysing AgentTesla Spyware

29 Dec 2022 6614 Views

How to Mitigate New Cyber Security Risks Arising from the Growing Use of Technology in Industrial Operations

6 Feb 2023 4929 Views