March 3, 2015
Heads Up: Extended Support for Windows Server 2003 Is Ending
Last year, Microsoft announced that extended support for Windows Server 2003 would end on July 15, 2015. This means that after July 15, Microsoft will no longer deliver any security updates, pay-per-incident support, or support from Microsoft’s Knowledge Base for Windows Server 2003. Most importantly, if you’re still using Windows Server 2003 somewhere in your cardholder data environment (CDE), you must upgrade to a newer product or your PCI compliance status will be at risk. Are you prepared?
About Windows Server 2003
Windows Server 2003 has been one of the most widely used editions of Microsoft’s server operating systems. Although most users have replaced Windows Server 2003 with a newer product, some of you may still be using the product. It is important that you identify whether Windows Server 2003 is still in use anywhere in your CDE – and if it is, you should plan to upgrade to a supported operating system before the deadline.
This Is Not a Requirement of Shift4
Microsoft has decided to end support for Windows Server 2003 as a natural transition in the lifecycle of its products. Since newer server operating systems with more advanced technologies have been added, Microsoft is now ending its extended support for this 11-year-old product. Shift4 is sharing this information in order to help our merchant customers, just in case you haven’t been informed by your merchant bank, Internal Security Assessor (ISA), or Qualified Security Assessor (QSA).
Upgrade Now to Ensure PCI Compliance
As always, Shift4’s security products continue to provide some protection for your payment environment, so your security breach profile hasn’t increased. However, if you do not upgrade those servers using Windows Server 2003 prior to the extended support deadline, your PCI compliance will be impacted. Requirement 6.2 of the PCI DSS version 3.0 requires merchants to “ensure all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches.”
Other Reasons You Should Upgrade
Let’s just say that technology has changed a lot since Windows Server 2003 was first released. Newer server operating systems are much better equipped to support newer technologies, including cloud, mobile, and more. The approach toward developing server operating systems has also advanced, so you’re looking at gaining a much more advanced product with better performance. Therefore, we recommend that you upgrade to a newer server operating system so you won’t face another potential upgrade soon. For example, mainstream support for Windows Server 2008 ended in January and extended support will end in January 2020.
What to Do
You can use Microsoft’s Windows Server 2003 Migration Planning Assistant to get some preliminary tips on upgrading to a new server operating system. Also, notify your merchant services provider or merchant bank and your ISA or QSA to determine if you need guidance on upgrading your systems from Windows Server 2003.
Again, this is not an upgrade offered by or a requirement made by Shift4 or DOLLARS ON THE NET®. But, if you have any questions, please contact our Customer Support team at [email protected] or call 702.597.2480 (option 2).