Windows Server 2012 End of Life: Security Risks and What to Do

Published on April 11, 2022 by

Paul Deur

The clock is ticking on Windows Server 2012 and 2012 R2. Once end of support is reached, the absence of security patches means your data and applications will be vulnerable to attack if they haven’t been migrated.

With so many moving parts, it’s not unheard of for a migration to take around 18 months, so teams will need to start migration projects now. But what are the real implications of doing nothing?

  • Security vulnerabilities. Beyond 10th October 2023, Microsoft won’t issue any updates, patches, or fixes creating potential vulnerabilities for hackers to exploit. Ransomware is constantly evolving. Any delay to patching a system can open the door to attack and the longer you leave it the more chance there is of that happening . Many companies don’t realize it’s happened until weeks later and costs can run into the $millions.
  • Risk of fines. Research has shown the most targeted industry sectors include financial and healthcare, both of which are highly regulated. If you aren’t using secure, patched systems, then you’re likely not in compliance with industry regulations, which can result in severe fines.
  • Personal liability for leadership.  While directors and officers are largely protected, there are some signs that the tide is turning, notably in the increasing number of legal cases being brought against them. A court decision in ‘Caremark’ established a legal framework for holding directors personally liable for failing to ‘appropriately monitor and supervise the enterprise’.
  • Applications will not function correctly: If you are operating under policies, such as the Modern Lifecycle Policy, you’re required to use the most current and updated applications. But when those applications are updated, they aren’t done so with an outdated server OS in mind resulting in performance, compatibility, and reliability issues over time.
  • Operational Risk: Without support from Microsoft after the EOL date, anything that “breaks” could severely impact operations.

How to minimize security threats

The answer to avoiding security breaches and the costs (both financial and reputational) associated with them, is to migrate to a new server OS. But as with any IT transformation program, if managed poorly, there are many opportunities for error that can also create security risks.

UK bank, TSB, found this out when lack of stringent testing and the too early execution of a server migration caused the company to suffer major customer outages and opened the door to fraudulent activity, costing it £330 million in compensation.

Here are some steps you could put in place to mitigate security risks of your server migration:


Implement a clear process and audit trail to ensure every step is followed, and any server migration goes ahead only when all readiness criteria is met. Here are some considerations for a successful migration.


Be clear about regulatory and compliance requirements with the team managing the migration. Are there any requirements stating what should remain on-prem vs what could move to the cloud? Your PMs need to incorporate this in their plans.


Limit the manual touchpoints: One way to reduce security risks in any IT transformation program is to reduce the number of manual touchpoints and automate as many workflows and processes as you can.


Tackling a server migration?

Learn how to accelerate server migrations while reducing risk and cost.

Access the playbook

Human oversight or error was cited as the fault of a botched server migration of a company that archived emails for medical device vendor, Zoll. During the migration in 2018 a network configuration error compromised the personal and medical data of 277,139 patients leading to Zoll filing a lawsuit against the IT service vendor.


Leverage a digital platform conductor (DPC) to limit security risks

By leveraging the digital platform conductor (DPC) capabilities of ReadyWorks you can automate workflows to migrate EOL servers faster and reduce the risk of your enterprise server migration program.


Automate data discovery by connecting to all your information sources to gain a real-time view of your IT estate, avoiding the errors created by managing this manually and working with outdated program data.


Incorporate compliance and regulatory requirements into your processes to ensure these are followed throughout the migration.


Leverage automated workflows that are triggered once all readiness criteria have been met, including all application testing and certification.


Easily identify migration exceptions such as those applications no longer supported by the newer server OS but required for a finite period following cutover. In doing this you can create a process to isolate these applications in the new environment, ensuring they operate in a controlled ‘sandbox’, to protect all your data.


Implement real-time audit trails to track completion of every step of the migration.


Benefit from a real-time view of project progress showing any outstanding issues that need to be completed to ensure you remain on-track.


Book a demo to see how ReadyWorks can reduce the risk of your Windows Server 2012 migration.