End of Life for Microsoft Products

The constant evolution of technology means computer hardware and software get changed on a regular basis. New features and capabilities become possible through the tireless work of hardware and software engineers, working to push performance and deliver experiences that may not have been possible just a few short years ago.

But as technology inevitably marches on, it becomes difficult to maintain legacy applications that are not as robust, secure, or capable as modern solutions. As a result, companies like Microsoft designate an “End of Life” (EOL) for many of its products, signifying an end to typical product support.

What does EOL or End of Life Mean for My Business?

A lot of companies today continue to use outdated technologies, even though it’s a dangerous practice. In fact, one study revealed that out of 349 breached companies, 58 percent were found using end of life (EOL) products.

EOL refers to the date when a vendor discontinues standard support services (e.g., issue updates, maintenance, and customer support) for a particular product. In other words, it refers to the expiration of the hardware or software of the product, including the services associated with it.

What is End of Life for Software?

Any product has a four-stage life cycle: development, growth, maturity, and decline. When software or an application reaches the decline phase of the product life cycle, end of life is near. And when it reaches its end of life, you can no longer rely on patches, updates, or even the technical support representative that helps you address issues with the product.

While EOL software may continue to function as-is, it will no longer receive regular software updates to fix bugs, maintain compatibility, or improve security, leaving critical infrastructure vulnerable to potential threats and data loss.

Significant EOL Microsoft Product Dates

It’s time to start planning for the following Microsoft product end of life:

  • Windows Server 2012:  October 10, 2023

The following significant pieces of Microsoft software have reached their end of life:

  • Exchange Server 2013:  April 11, 2023
  • Windows Server 2008:  January 14, 2020
  • Windows Server 2008 R2:  January 14, 2020
  • Windows 7:  January 14, 2020
  • Exchange 2010:  October 13, 2020

The onetime backbone of data and email operations, Windows Server 2008 and Exchange 2010 have become legacy solutions that will lack crucial software updates. Windows 7, an operating system used at home and in the office, also ended its lifecycle at the start of 2020.  Exchange 2010 and Exchange 2016 hit their End-of-Life in 2019.

Should a critical bug or security exploit find its way into the wild, users of these software products will not have access to patches or updates that ensure the safety and stability of each platform.

Ransomware attack on businesses using Windows XP past its end of life.

Companies that rely on end-of-life software present opportunities for cybercriminals.  In May 2017, businesses still running Windows XP were part of a worldwide cyberattack called WannaCry. Windows XP reached its EOL in 2014. With Microsoft not issuing updates and patches this operating system became more vulnerable to security threats.

Risks of Running a Microsoft product past its End of Life

While the software will continue to function as normal, running obsolete software poses serious risks for any company.  A lack of software updates or security patches means that a platform is incredibly vulnerable to hackers seeking to exploit unsupported platforms, leaving organizations running EOL software without a proper remedy to address new and emerging threats.

EOL software is also not guaranteed to be compatible with new technology, so systems may lack the ability to run pieces of new software that have strict requirements.

While you can still use the software after its expiration, you could expose your company to a broad range of risks, including:

Increased security risks

Because obsolete software no longer receives bug fixes, patches, and security upgrades, your company’s security is totally compromised. Hackers can easily infiltrate your software using a virus or malware and steal your sensitive information.

Regulatory/legal compliance issues

If you store sensitive data in EOL software, you may not be compliant with applicable laws and regulations, including HIPAA, SOX, and PCI. Keeping sensitive data, such as customer information, within software that has reached its end of life is unsafe because it’s vulnerable to cyberattacks. If your company experiences a data breach that compromises your customer’s personal information, you could face legal issues, big fines, and even company shutdown.

Compatibility issues

While this is usually a minor issue, it’s very frustrating when someone sends you a file that is not compatible with your software. Imagine sending your clients a document made in Word 2010 and having all the formatting fall apart because they’re using Office 365.

Decreased reliability

Outdated software slowly deteriorates over time and doesn’t perform as efficiently as before. This reduces productivity and puts your company at risk of losing sensitive data or incurring costly downtime.

Downtime

Obsolete hardware or software increases the chances of application failure and system outage. Outdated hardware and software also result in inefficient performance, which can have a significant impact on productivity.

High operating cost

As your company’s technology system becomes outdated and starts to cause more problems, the cost of maintaining it increases. This can quickly become a burden to your company, especially if you’re trying to keep budgets under control.

Relying on EOL software also poses costly risks for hardware. When a platform is no longer supported, it becomes incrementally more expensive to maintain, requiring specialized knowledge and time-intensive labor to address problems on a legacy platform.

EOL software also tends to run on older hardware, which can also be difficult to maintain through the cost of expensive or hard-to-replace parts that are no longer being commonly manufactured.

What is End of Life for Hardware?

When it comes to PCs, servers, and other hardware, end of life indicates that the equipment is at the end of its “useful lifespan”—from the original equipment manufacturer’s point of view—and the manufacturer stops selling, marketing, or refurbishing it.

While the manufacturer will continue to provide maintenance on the existing EOL equipment, it will only last for a short period of time. When the manufacturer announces a product’s EOL, this generally starts a five-year phase-out of the equipment.

Like EOL software, problems can also occur if you continue using hardware after its End of Life. Here’s a look at some of these problems:

No replacement parts

Manufacturers will no longer make replacement parts for EOL equipment. While it’s possible to purchase excess inventory for a few years after the product’s EOL, you may have no options for repair through the manufacturer once the parts run out.

Security risk

When a manufacturer announces the EOL status of a product, it’s likely that patches, security fixes, and firmware updates for the equipment will be reduced or eliminated. This causes significant security risk and leaves your company’s network vulnerable to cyber threats.

Higher maintenance cost

Because EOL equipment’s replacement parts or accessories are discontinued, they can be very challenging and expensive to find as time goes by. Sometimes, companies hire third-party consultants and support teams that create temporary solutions for more complex issues. This can make using EOL equipment even more expensive in the long-run, compared to replacing it with a newer one.

Scalability issues

EOL equipment cannot meet the growing needs of your company. Your IT team should make use of newer and more advanced hardware as the volume and complexity of your company’s data increase. This will allow them to leverage technological improvements in such areas as energy consumption, data processing, and modularity.

Taken together, running EOL software is an expensive proposition that can jeopardize the security and functionality of an organization. Between potential security risks and the expense of future maintenance, organizations that are serious about data security and integrity must ensure their software is up-to-date and able to receive future critical fixes.

DWD offers IT security services to help protect companies and data from threats.

Products Moving to Extended Support

The Extended Support phase follows Mainstream Support. At the supported service pack level, Extended Support includes: paid support, security updates at no additional cost, and limited complimentary support may be available (varies by product). Microsoft will not accept requests for design changes or new features during the Extended Support phase.

How to Create an EOL Migration Plan

In the long run, investing in new hardware or software through a proper upgrade plan can ensure systems are running safely and securely.  Taking time to create an on-going EOL migration plan is key.  Below are a few important things to include in your EOL Migration plan.

  1. Anticipating approaching EOL dates can ensure organizations aren’t caught off guard when support suddenly comes to an end, leaving data at risk until an IT provider can present a solution.  Create a life cycle calendar for the software and hardware products within your company to help easily track those approaching end of life.
  2. Software EOL dates are typically telegraphed far in advance, so it’s best not to wait until the last minute to upgrade your hardware or software.  Make plans to begin moving off EOL products 6-12 months in advance.  As a software EOL date approaches, it can become difficult to schedule time with an IT provider because other clients are also seeking solutions to maintain or upgrade their infrastructure.
  3. Schedule an appointment with your IT provider if you are running any hardware or software products that are past their EOL dates.  They can help you determine how best to protect your company and its data until you’re able to upgrade your systems.  Steps such as restricting and monitoring access to EOL servers, being aggressive with data backups in case of data loss or corruption, network isolation and application whitelisting are all effective methods you can take to protect your company and its data.

For more information on how to create a migration plan that protects against EOL security risks, contact DWD’s network team today!

Register for our IT/Network newsletter today!