# Microsoft Ends Support for Windows Server 2012 / 2012 R2: What You Need to Know
## Introduction
Microsoft’s decision to end support for Windows Server 2012 and 2012 R2 is causing concern among organizations still relying on these legacy operating systems. With the end of support for these decade-old systems, many are struggling to find viable solutions to secure their infrastructure.
## The Impact of Ending Support
Despite Microsoft’s previous recommendations to upgrade to newer operating systems, many organizations continue to use servers running on unsupported systems. This poses a significant security risk as these servers host outdated and unpatched applications critical to business operations.
## The Security Problem
The lack of support for Windows Server 2012 / 2012 R2 leaves organizations vulnerable to cyber threats, with over 400 exploitable vulnerabilities identified as of March 2024. Threat actors are increasingly targeting legacy systems, using tactics like deploying Cobalt Strike beacons for ransomware attacks.
## What To Do Instead
If upgrading or migrating is not an option, organizations can opt for extended support from Microsoft or implement security solutions compatible with legacy servers. Applying best practices such as patch management, access controls, network segmentation, and compensatory controls can help mitigate the security risks associated with legacy systems.
## Key Points
– Continuing to run on unsupported operating systems exposes organizations to cybersecurity risks.
– Applying security patches, implementing access controls, and using compensatory controls are essential for securing legacy systems.
– Organizations must prioritize security measures to prevent unauthorized access and data breaches on legacy servers.
## Summary
The end of support for Windows Server 2012 / 2012 R2 underscores the importance of cybersecurity in maintaining a secure IT infrastructure. By implementing best practices and proactive defenses, organizations can mitigate the risks associated with running legacy systems and protect their critical business operations.