By ProServeIT on January 03, 2019

How to Identify and Respond to a Potential Zero-Day Attack


Your SQL Server 2008 or 2008 R2 environment could soon be coming under attack. On July 9, 2019, Microsoft will be ending support for SQL Server 2008 and 2008 R2, making it a juicy temptation for threat actors to launch a zero-day attack. Are you giving your organization enough time to prepare for what’s going to happen when your SQL Server 2008 and 2008 R2 is no longer supported?

In this blog, we’ll take a look at what this end of support means for your organization from a security perspective, and why you need to consider your options now, so you’re not left vulnerable to a zero-day attack once July 10th hits.


What’s Happening With SQL Server 2008 and 2008 R2?

Once a new version of a server has been released by Microsoft, it’s typically backed by 10 years of support – five years for Mainstream Support, and five years for Extended Support – which, of course, includes regular security updates. SQL Server 2008 or 2008 R2 has now been supported for 10 years, so these versions will soon be reaching the end of their support lifecycle, and the end of security updates for your organization.


Why is SQL Server 2008 and 2008 R2 End of Support Significant?

If we look back at different end of support dates for different types of operating systems and applications, there wasn’t the same perspective or the same emphasis on security back then as there is today. And consider why. Ten years ago, threat actors weren’t as sophisticated; they weren’t able to use technology the way they can today. From a technological perspective, we’ve come a long way in just ten years.

With the security trends that we’re seeing, and with numerous threat actors attacking different organizations on an almost daily basis, it’s even more important to put an emphasis on security! It’s also important to remember that current trends are showing that a threat actor will sit in your environment for approximately 99 days between when they first breach your environment and when they attack (or, if you’re lucky, are detected and removed).

When you put this together with the fact that all SQL Server 2008 and 2008 R2 security updates will cease on July 9, 2019, the situation is prime for a Zero Day attack. As soon as those security protections are down, it’s a very appetizing target for threat actors to attack in whatever way they’re going to do.

Thus, this SQL Server 2008 and 2008 R2 End of Support is a very significant time for your organization, and we encourage you to consider July 9, 2019 a very significant date.


SQL Server 2008 and 2008 R2 End-of-Support: What Options are Open to You?

The good news is that end of support can sometimes be an ideal time to try something new, like moving to the Cloud and getting rid of legacy infrastructure that you no longer need. With that in mind, let’s take a look at a few options that are open to you at this time:

Migrate to Azure

Moving your current SQL workload over to Azure Virtual Machines can help you re-host these workloads in Azure with no application code change. The benefit of switching over to an Azure Virtual Machine is that Extended Security Updates will be available to you for free, which will help you secure your current SQL Server 2008 or 2008 R2 workloads for three more years after the end of support deadline, giving you more time to plan your future path, whether that means upgrading to the newest versions of SQL (like SQL Server 2017), or making a full migration to the Cloud via Azure.

Or, re-host your SQL Server 2008 or 2008 R2 in Azure SQL Database Managed Instance, which is a fully-managed database-as-a-service solution that doesn’t require any future upgrades, and near zero downtime during the shift.


Azure Migration Guide Azure-migration-guide


Upgrade Your Current On-Premises Solution

If you want to stay on-premises, you can also upgrade your current solution to the new SQL Server 2017 and purchase up to 3 years of Extended Security Updates, which will provide your organization with up to 3 years of continued protection beyond the July 9, 2019 deadline and give you coverage as you upgrade to the newest version of SQL Server.


Get Started with SQL Server 2008 or 2008 R2 Migration

Ensuring that your organization stays secure beyond the July 9, 2019 deadline should be paramount to your organization. At ProServeIT, we’re no stranger to helping our customers stay secure, and, in this case, that means helping you migrate to another solution, or upgrading your current servers to the latest version.

If your organization is currently running SQL Server 2008 or 2008 R2, let us help you:

  • Assess: We’ll identify and inventory your apps and server roles that are currently running on SQL Server 2008 and 2008 R2. We’ll analyze your workloads to help you determine the best path for your organization, whether that’s migrating to Azure or upgrading your current on-premises environment.
  • Migrate: We’ll help you make the move by either migrating your legacy SQL Server to Azure or helping you upgrade to the latest version of SQL Server.
  • Optimize: We can then fine-tune your resources to optimize your various costs, better manage your resources, and strengthen your security and compliance posture.

Give us a shout today and let’s begin!


Published by ProServeIT January 3, 2019