14 DAY TRIAL // Microsoft has decided to leave a critical security vulnerability in Windows Server 2003 unpatched this month, explaining that the architecture of this particular operating system does not allow the company to properly implement the fix.
In other words, the software giant hasn't fixed a critical flaw in Windows Server 2003, an operating system whose support expires on July 14, 2015, so customers currently running this particular platform on their servers have no other option than to upgrade in order to stay secure.
MS15-011 is the bulletin supposed to address the security glitch on the other Windows versions, as Microsoft has confirmed that this problem exists on all supported versions of Windows, both desktop and server. And since the company has mentioned supported, Windows Server 2003 is also affected, but without the possibility of installing the fix.
Attackers could get complete control of a system
The security bulletin is supposed to address a vulnerability in group policy that could allow remote code execution when an attacker “convinces a user with a domain-configured system to connect to an attacker-controller network.”
If the exploit is successful, the attacker could get complete control of a vulnerability system, which would guarantee them the exact same privileges as those of an administration. They can install or remove apps, access your data, delete files and even create new accounts will full rights, Microsoft warns.
The same issue exists in basically all the other Windows versions on the market, including Windows Vista, 8, 8.1, and Windows RT. Windows 10 Technical Preview is not affected, Microsoft says.
Right now, more than 1.5 million customers are likely to miss the upgrade deadline of Windows Server 2003, so it should not be surprising at all that Microsoft is looking at every single method to convince them to upgrade.
But this time, the company says, it's all because of the technologies that are available in Windows Server 2003.
“The architecture to properly support the fix provided in the update does not exist on Windows Server 2003 systems, making it infeasible to build the fix for Windows Server 2003. To do so would require re-architecting a very significant amount of the Windows Server 2003 operating system, not just the affected component,” the company claims.
This means that Windows Server 2003 remains unpatched for the time being, so you should really consider an upgrade in the remaining months to make sure that you're entirely secure.