11 Jun 2015

Risks of using Windows Server 2003

July 2015 marked the End of Life (EOL) for Microsoft Windows Server 2003. Many large corporations still use this robust but tired server OS. However, there are many risks for those not moving forward.

What are some of the biggest concerns? Take a look:

1. No more security updates: Next summer will see the end of security updates and paid per-incident support that were available for the operating system. No more bug fixes. No further vulnerabilities addressed. Just because it’s an old OS doesn’t mean it’s a forgotten one: as of November this year, for example, Windows Server 2003 editions and service packs were still turning up among the affected software listed in Microsoft security bulletins about critical vulnerabilities.
2. Your OS is not an island: A compromised Windows Server 2003 operating system could open the door for the bad guys to pry into other systems in your data centre for the purpose of launching attacks against them. Also, if support for your third-party business applications is tied to the status of the underlying operating system, that support—including anything it may cover in the way of security—also may suffer if you continue to run those apps under Windows Server 2003.
3. Falling out of compliance: Companies in many industries—financial, healthcare, e-commerce, and so on—are dealing with a lot of sensitive customer data, and a lot of it is subject to either industry body or government regulations around privacy and security. When the Windows Server 2003 extended support cycle ends, such companies still using it may find that their virtualized and physical instances of the OS are now out of compliance with regulated industry or regulated data mandates, impacting all associated apps and data. These businesses may fail their audits. So, even if the operating system or data itself isn’t compromised, a business’ status very well could be – potentially resulting in fines, damaged relationships with key partners who are anxious about their own compliance standing, or even the shuttering of their own enterprise.
4. Misusing valuable funds: A company that expends energy, resources and dollars on mitigation technologies to help continue to secure the aged OS by making it harder for attackers to exploit vulnerabilities could lose its focus on the overall enterprise and data security picture—not to mention sacrifice some of the budget that should be supporting that end. That could jeopardize a multitude of other critical software and systems and sensitive information.
5. Legacy applications can cause security issues: All this said, there are risks associated with migrating from the older to the newer OS, as well. Unsupported legacy applications could leave an organization open to security risks, or data could be lost during the transition.

Effectively dealing with these risks comes down to carefully planning your changeover to Windows Server 2012. A well-plotted and well-executed move to the next-generation server OS is also a move that will keep your business current with security updates, with third-party application support, and with compliance requirements, and at the same time save your company from spending money and time on stopgap measures. IT service and solutions providers can be a big help, also aiding in ensuring that your move will take place without data loss. And they or business app vendors hopefully also can address any concerns related to running old apps on a new OS, or suggest alternate options.

The bottom line: upgrade to a new, modern OS to protect your business from vulnerabilities!

05 Mar 2015

Beware the Microsoft Support Scam

Avoid tech support phone scams

Cybercriminals don’t just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

Telephone tech support scams: What you need to know

Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you’re using.

Once they’ve gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

Do not trust unsolicited calls. Do not provide any personal information.

Here are some of the organizations that cybercriminals claim to be from:

  • Windows Helpdesk
  • Windows Service Center
  • Microsoft Tech Support
  • Microsoft Support
  • Windows Technical Department Support Group
  • Microsoft Research and Development Team (Microsoft R & D Team)

Report phone scams

Learn about how to report phone fraud in the United States. Outside of the US, contact your local authorities.

How to protect yourself from telephone tech support scams

If someone claiming to be from Microsoft tech support calls you:

  • Do not purchase any software or services.
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
  • Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
  • Take the caller’s information down and immediately report it to your local authorities.
  • Never provide your credit card or financial information to someone claiming to be from Microsoft tech support.

What to do if you already gave information to a tech support person

If you think that you might have downloaded malware from a phone tech support scam website or allowed a cybercriminal to access your computer, take these steps:

  • Change your computer’s password, change the password on your main email account, and change the password for any financial accounts, especially your bank and credit card.
  • Scan your computer with the Microsoft Safety Scanner to find out if you have malware installed on your computer.
  • Install Microsoft Security Essentials. (Microsoft Security Essentials is a free program. If someone calls you to install this product and then charge you for it, this is also a scam.)

    Note: In Windows 8, Windows Defender replaces Microsoft Security Essentials. Windows Defender runs in the background and notifies you when you need to take specific action. However, you can use it anytime to scan for malware if your computer isn’t working properly or you clicked a suspicious link online or in an email message.

    Learn more about Windows Defender

Will Microsoft ever call me?

There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

Source: Microsoft

Direct Link: http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx


© 2015 Service First ...Total Solutions. Site customization by Treefrog Digital
