Windows Server 2012 and 2012 R2 at the end of the line: no more security updates

We know that companies are reluctant to update their systems, especially when it comes to server machines. October 10, 2023, however, is an important date because it is the last day that Microsoft will release new security updates for Windows Server 2012 e 2012 R2.

The Redmond company is therefore preparing to withdraw the support for two server operating systems that still boast good market shares today. After October 10th, those still using Windows Server 2012 and Windows Server 2012 R2 will no longer receive any update package. Some exceptions, as has already happened several times in the past, could exist if they were to be discovered critical vulnerabilitiescapable of facilitating targeted or large-scale attacks.

In any case, it is good to make sure you have updated Windows Server 2012 and 2012 R2 with the latest Servicing Stack Update: in this way, you ensure that you receive any new updates that Microsoft releases via Windows Update.

End of life of Windows Server 2012 and Windows Server 2012 R2: what to do

When operating systems like Windows Server 2012 and 2012 R2 are abandoned by Microsoft, companies should take a hard look inventory of which and how many machines still use these versions. In general, the advice is to abandon systems that are no longer supported and upgrade to a newer version of Windows Server.

Anyone who does not want or is unable, for various reasons, to put Windows Server 2012 and 2012 R2 behind them should make sure to isolate these machines from the Internet, for example by avoiding expose doors of communication publicly and activating remote access to machines only through the use of one VPN.

Companies that still need time to upgrade to a newer version of the operating system and that use the cloud platform Microsoft Azurethey can access three years of extended security updates. On premisesinstead, access to the program ESU (Extended Security Update) is to be understood as paid: by joining the initiative, interested companies will be able to continue to receive the security patches until 13 October 2026. The ESU subscription fee to be paid, however, increases: lower in the first year, higher in subsequent years.

A further alternative is to turn to 0patch, a third-party software, now widely appreciated by professionals and companies all over the world, which ensures security updates for Windows Server 2012 and Windows Server 2012 R2 at least until October 2026. 0patch uses the mechanism of patching in-memory: this means that the security fixes they can be applied simply by pressing a button, without even the need to restart Windows. An intelligent approach that Microsoft calls hotpatching but which the company led by Satya Nadella, unfortunately, has only adopted on a small scale for the moment.

Opening image credit:


Please enter your comment!
Please enter your name here