About 20 percent of instances running Microsoft SQL Server have passed their end of life date (EOL) – this could even reach 32 percent from next month. Visibility provider Lansweeper has scanned more than one million server instances and is warning of the expiration of warranty services, bug fixes and security patches from Microsoft. SQL Server 2014 is due in July 2024, which in turn accounts for 12 percent of instances.
Advertisement
Although many systems use current versions, 19.8 percent of instances are running a version of Microsoft SQL Server that is no longer supported. An extended subscription applies only to SQL Server 2012; companies must also sign an additional agreement for SQL Server 2014, which expires next month.
(Image: Lansweeper)
According to the study, 19.8 percent of scanned systems are no longer supported. The leader is SQL Server 2012, whose EoL was 2022. However, security patches are still available until 2025 through the extended security update subscription. The situation is different with SQL Server 2008, which is still used in about eight percent of cases. The extension here expired in 2022. The situation is different with SQL Server 2005, which is still running on about 2.5 percent of scanned instances. Here the updates expired in 2016 and the extension was not possible.
If it ain’t broke…
Once you have built a working application on a functional, relational database, companies often have no reason to touch the original structure again. Especially if the application has been running stable for a long time and does not need any new features of later versions. Even if developers want to upgrade, the money and resources must first be available to make the change. However, this will be even more important if these applications fail. If the application has reached EOL, the Microsoft customer is responsible for its failure.
But even with Microsoft Update, everything does not always go smoothly. Security updates for current Microsoft products have recently had undesirable effects. Software providers are generally not liable for zero-day vulnerabilities that can lead to serious security gaps – a situation that current Interior Minister Nancy Feser does not want to change, even if such gaps have been exploited for attacks on the SPD, for example.
(shhh)
