On Jan. 14th, 2020, Microsoft will discontinue support for Windows Server 2008. After this date, security patches will no longer be released for Windows Server 2008 systems and they will be easy targets for hackers looking to exploit these systems.
Campus policy requires that devices connected to the network run software for which security patches are made available and installed in a timely fashion. After support ends, Windows Server 2008 will no longer be in compliance with campus policy.
To obtain an exception:
Use this form to submit an exception request: Information Security Policy Exception Request Form. Exceptions are allowed only if there is a valid reason the system cannot be upgraded.
Receiving a security exception will also require purchasing an extended support contract from Microsoft. Under this contract, Microsoft will continue to provide security updates and other hotfixes for an additional year. More information is located at: https://sites.google.com/berkeley.edu/windows-server-2008-eol/home.
For systems hosting PL2 data, systems administrators must include mitigating controls in the exception request form in addition to the above.
Please submit your security exception request by Nov. 1, 2019, to allow time to implement mitigations needed before end of support.
Jul. 8, 2019 - The Information Security Office (ISO) will send tickets to Security Contacts administering PL2 data systems asking what remediation plan they are choosing to implement and by when.
- Nov. 1, 2019 - Date to submit your security exception request to meet mitigations needed by Jan. 14, 2020 deadline
- Jan. 15, 2020 - ISO will send last reminder tickets for all systems running Windows Server 2008 connected to the campus network (and without an exception on file) requesting the devices be upgraded or removed from the network.
Feb. 1, 2020 - ISO will begin blocking all unsupported Windows Server 2008 devices seen on the campus network