Part 5:5 Running unsupported operating systems and applications on your network
During Pen Test engagements, our Cyber-Security specialists consistently encounter the same security weaknesses. Five risks to organisations hold top position, whatever their sector or scale.
In this fifth and final part of our blog series by Marius Cociorba, we look at the dangers of running unsupported operating systems or software on your network.
Microsoft Windows Server 2003 security
Although support for Microsoft Windows Server 2003 ended in July 2015, instances of 2003 servers are still found on network engagements.
A quick search on Shodan, a search engine for devices, returns a list of 17,439 Windows Server 2003 devices connected to the internet. The number of internal servers running this version of Windows is likely to be even greater.
Typically, these older servers continue to run because of legacy applications or services. However, any future critical vulnerabilities identified will not be patched, potentially giving attackers an easy route across the network.
Accelerated Cyber Attack
If an out-of-date server is compromised and exposes sensitive information, such as cached logon credentials of administrative staff, this would greatly accelerate lateral movement within the network.
It’s wiser to run legacy applications on newer operating systems, if the application behaves in a stable manner. It may be sufficient to use the compatibility features already offered by the OS.
If this still isn’t acceptable, the best policy is to move these systems to an isolated network segment, enforced by strict access rules. The next step should be to identify another application which satisfies business requirements and can run on up-to-date infrastructure.
The same can be said about applications which are no longer supported by the vendor but can run on newer operating systems. If the software is running locally, it may facilitate a privilege escalation attack, where an attacker has obtained low-privileged credentials to a server and uses a poorly configured or vulnerable application to trick the system into granting administrative rights.
If these applications are vulnerable and accessible remotely, they could be used to execute commands to compromise even a fully patched server.
Advice for Legacy Servers and Applications
Legacy applications and servers are a potential liability that can weaken or compromise an otherwise well-maintained network, so we recommend:
- Keep track of all legacy systems and applications
- Isolate them from primary networks through strict access rules
- Monitor their use
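One way to start on the first two recommendations is a small audit script. This is an added example, not part of the original post: the inventory rows, firewall rules, addressing plan and jump-host address are constructed for illustration, and only the Windows Server 2003 end-of-support date (July 2015) comes from the article.

```python
import csv
import io
import ipaddress
from datetime import date

# End-of-support dates. Windows Server 2003 is the case the article names;
# extend this table from vendor lifecycle pages for your own estate.
END_OF_SUPPORT = {"Windows Server 2003": date(2015, 7, 14)}

# Constructed sample inventory (hostname, ip, os); not real hosts.
INVENTORY = """hostname,ip,os
app-legacy01,10.50.0.11,Windows Server 2003
fin-legacy02,10.10.4.27,Windows Server 2003
web01,10.10.4.30,Windows Server 2019
"""

# Assumed addressing plan: the isolated legacy segment and the only
# source permitted to reach it (a hypothetical jump host).
LEGACY_SEGMENT = ipaddress.ip_network("10.50.0.0/24")
ALLOWED_SOURCES = [ipaddress.ip_network("10.10.9.5/32")]

# Constructed firewall allow rules: (source CIDR, destination CIDR, port).
RULES = [("10.10.9.5/32", "10.50.0.0/24", 3389),
         ("10.10.0.0/16", "10.50.0.11/32", 445)]

def unsupported_hosts(inventory_csv, today):
    """Track: return inventory rows whose OS is past end of support."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [r for r in rows
            if r["os"] in END_OF_SUPPORT and END_OF_SUPPORT[r["os"]] < today]

def isolation_findings(hosts, rules):
    """Isolate: flag legacy hosts outside the segment and over-broad rules into it."""
    findings = []
    for h in hosts:
        ip = ipaddress.ip_address(h["ip"])
        if ip not in LEGACY_SEGMENT:
            findings.append((h["hostname"], "not in isolated segment"))
        for src, dst, port in rules:
            src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
            # A rule is too broad if its source is not inside an approved source.
            if ip in dst_net and not any(src_net.subnet_of(a) for a in ALLOWED_SOURCES):
                findings.append((h["hostname"], f"rule {src} -> {dst}:{port} too broad"))
    return findings

if __name__ == "__main__":
    legacy = unsupported_hosts(INVENTORY, date.today())
    for host, issue in isolation_findings(legacy, RULES):
        print(f"{host}: {issue}")
```

The findings list can be fed into whatever alerting is already in place, which covers the third recommendation of monitoring their use.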
If you would like an expert review of your information security, or just some fast advice, you are welcome to contact us.