Microsoft products usually have a lifecycle of 10 years from release, after which businesses suddenly become incredibly vulnerable when using these systems. After the 10 years, Microsoft no longer provide bug fixes and security updates which leave systems open to malware and attacks, and no longer offer full support from Microsoft’s experts when an issue arises resulting in slower responses and the reduced likelihood of retrieving any stolen data. Cybercriminals target older systems which have less of a focus from security teams and don’t possess the most up-to-date technology, and they usually find success in finding vulnerabilities. Furthermore, running outdated products can create compliance issues, such as the Cyber Essentials certification which requires fully supported systems in place when audits take place.
Technologies that Microsoft provide are maintained through security and other patches, fixes, updates and support. But their support only lasts for a clearly defined period of time.
A typical Microsoft product lifecycle lasts 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support, in which Microsoft will no longer provide updates or support of any kind.
For Exchange Server 2010, that time is coming this October.
Staying on an unsupported software is a more dangerous practice than you may think. When extended support ends, you’re no longer receiving any kind of updates. And therefore, you’re vulnerable.
End of support can result in vulnerabilities being exposed that impact your business:
No More Security Updates: this leaves businesses vulnerable to all kinds of malware and malicious activity.
No New Documentation: guidance and best practices will no longer be produced; access to support and experts will be limited.
Increased Compliance Risks: running outdated or unsupported products could be a quick ticket out of compliance, based on your specific industry. Do your homework and be prepared to make the transition ahead of time.
PCI DSS - if the systems are not patched and not supported then the business is potentially non-compliant
If you are Cyber Essentials certified - if your Exchange Server is not supported and not patched, you are not compliant with the advice to “keep your devices and software up to date” and potentially non-compliant at your next audit
Your installation of Exchange 2010 will continue to run after this date but as bug fixes will not be provided, this will create risk to the usability and stability of the server.
Due to all of the reasons listed above, we strongly recommend that you migrate from Exchange 2010 as soon as possible.
What are the options?
We hear a lot of security concerns in IT, but this one is completely avoidable with proactive planning.
You have time if you act now. The end of support deadline for Exchange Server 2010 is Tuesday October 13, 2020.