Plan for end of Windows Server 2008 support (updated)

10/15/19 update: U-M units have the option to purchase Windows Server 2008 Extended Security Updates.

--------------------

The information below was sent to U-M IT staff groups on September 9, 2019. It is intended for U-M IT staff who are responsible for university servers running Windows Server 2008 or 2008 R2.

Summary

Microsoft will end support for Windows Server 2008 and 2008 R2 on January 14, 2020. That means it will no longer provide security updates or support for Windows Server 2008 and 2008 R2. Don't let your infrastructure and applications go unprotected. Begin planning now to upgrade as needed.

Affected Versions

Windows Server 2008 and 2008 R2

Action Items

Keeping software up-to-date is an important part of vulnerability management at U-M.

  • If you have not already done so, plan to stop using Windows Server 2008 and 2008 R2 before January 14, 2020. This applies to physical servers that you manage as well as virtual servers.
  • If it is not possible for you to upgrade to a supported version of Windows Server, begin planning how you will mitigate in other ways. For example, you might remove your server from all networks or isolate it on a protected network and restrict access. If you need mitigation suggestions, contact ITS Information Assurance (IA) through the ITS Service Center.

How We Protect U-M

  • ITS IA is conducting monthly reviews of active university Windows Server 2008 and 2008 R2 servers. The frequency of checks will likely increase as we get closer to January. IA will notify those units with Windows Server 2008 and 2008 R2 servers. The MiServer team will continue to notify MiServer customers who need to upgrade.
  • Units are asked to plan to upgrade or mitigate servers running Windows server 2008 or 2008 R2 before January.

Information for Users

Windows Server 2008 and 2008 R2 are operating systems for servers, which are typically managed by system administrators. General computer users will not need to do anything related to this.

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Suspicious Email, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.