On 10/10/2023, Microsoft’s official support for the Windows Server 2012 and Windows Server 2012 R2 operating systems will end. After this date, they will no longer receive security updates and will no longer be protected against new security vulnerabilities. So anyone still running Windows Server 2012 or 2012 R2 should respond promptly.
I still have Windows Server 2012 / 2012 R2 in use. What can I do now?
You have several options to maintain protection against vulnerabilities after the deadline.
- Option 1: Buy Extended Support for another 3 years
You can purchase Extended Security Updates (ESU) for three additional years. However, Microsoft pays well for the extended security updates.
- Option 2: Migration to the Azure data center
When migrating existing Windows Server 2012 / 2012 R2 to Microsoft’s Azure data center, you will receive Extended Security Updates for free. This buys you another three years before you have to react.
- Option 3: Upgrade to Windows Server 2019 / 2022
You can upgrade the existing system to Windows Server 2019 or Windows Server 2022. However, this may require intermediate steps. Windows Server 2012 must first be upgraded to Windows Server 2016 and then upgraded to Windows Server 2019 or 2022. Windows Server 2012 R2 can be upgraded directly to Windows Server 2019. However, direct upgrade to Windows Server 2022 is only possible from Windows Server 2016.
- Option 4: Migration to a new server
In addition to upgrading the existing system, you can also set up a new Windows Server 2019 or Windows Server 2022 and migrate the services of the old server to it. The advantage of this is that you can use up-to-date hardware and do not inherit legacy costs from the existing system. You migrate only the services that you still need.
- Option 5: Move to cloud or hybrid solutions
Individual services can also be partially mapped completely via cloud services. This includes Microsoft Exchange, for example, which can now be operated as a pure online variant in Microsoft’s data center. Due to the lower maintenance effort, this also often results in a financial advantage compared to conventional on-premise solutions. Individual cloud solutions can also be combined with an on-premise server.
What are the risks if I continue to use Windows Server 2012 / 2012 R2?
Cyber criminals are constantly looking for security holes for hacking attacks or malware such as Trojans or ransomware. In this context, complex systems such as server operating systems are susceptible to as yet undiscovered vulnerabilities simply because of their scope. So far, Microsoft has closed them promptly for Windows Server 2012 and 2012 R2 and distributed them to the affected servers via Windows Update. However, as of October 10, 2023, these vulnerabilities will no longer be closed. This makes your server more vulnerable to attacks from hackers or malware. In the worst case, this can lead to the theft of sensitive data or complete data loss. Operating a server without current security updates should therefore be avoided at all costs.