Who has a Legal Obligation to Upgrade Windows XP, Office 2003 and Exchange 2003?

The best source of information covering this requirement comes from NIST, the National Institute for Standards and Technology.  They have a set of documents that are the standards for many requirements.  There is nothing specific in the NIST guidelines about the end of life for Windows XP, however, the need to provide Flaw Remediation is clear and that is what the X, Office 2003 and Exchange 2003 support requirements fall under.

 For example, NIST Special Publication (SP) 800-531 requires the SI-2, Flaw Remediation security control, which includes installing...

Who has a Legal Obligation to Upgrade Windows XP, Office 2003 and Exchange 2003?2017-09-18T06:03:39-07:00

April 8, 2014 Marks Exchange Server 2003 End-of-life

...Please not that online content may remain available as long as Exchange 2003 remains in the self-help online support phase, but I am not sure how long that will last.  Microsoft writes, “Companies running Exchange 2003 after April 8, 2014 will be responsible for their own for support. More importantly, because Microsoft will no longer provide security updates, companies that choose to continue running Exchange 2003 accept the risk associated with....

April 8, 2014 Marks Exchange Server 2003 End-of-life2014-03-11T19:12:48-07:00

Microsoft Office 2003 Support Ends April 8, 2014

What should you do?

As of April 8, 2014 Microsoft will no longer offer the following services for Office 2003:

· Assisted support

· Online content updates

· Software updates from Microsoft Update

· Security updates to help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.

Your Office 2003 will continue to run, but you will be are greater risk for....

Microsoft Office 2003 Support Ends April 8, 20142017-09-18T06:10:15-07:00

Microsoft Windows XP Support Ends April 8, 2014

“After April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP. Security updates patch vulnerabilities that may be exploited by malware and help keep users and their data safer. PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system – such as... so you can receive regular security updates to protect their computer from malicious attacks.” This does not mean that instantly on April 9th your PC in not secure, but I can assure you as the days and weeks pass there will be... that put you at risk. There will be no patches available to secure your computer and it is likely you will never even know what new risks exist on your Windows XP computer.

Microsoft Windows XP Support Ends April 8, 20142024-03-14T00:23:57-07:00

What is Recovery Point Objective?

If your system breaks, how much information are you willing to lose when your system is recovered?  If you only back up once per day your RPO is essentially eight hours.  If at the end of the day you finish work and your system crashes and all data is lost, you have then lost the full eight hours of work.  If data is lost half way through the day, your effective Recovery Point at that point is four hours, but don’t confuse that with your objective which is set at eight hours. 

 RPO can and should be calculated differently for different systems you use.  Your Exchange Mail Server and SQL Servers should probably have an RPO of 15 minutes to one hour.  DNS servers and a static website can do fine with a 24 hour RPO since they rarely change. 

What is Recovery Point Objective?2018-05-07T08:47:43-07:00