The 10 most popular software versions that will go out of support in 2024

The use of out-of-date software: implications and regulations

Why it is important to know if you have outdated software in your environments: implications, regulations, and use cases such as SQL Server 2014. 

Like every year, we are approaching the time when some of the software versions installed in IT environments around the world-whether system or application software- are reaching the end of their lifecycle. The year 2024 is no exception: several platforms that many of us use daily will no longer receive security updates or official support. It is therefore time to prepare for the transition to the latest versions.  

Here are the 10 most popular software versions that will go out of support in 2024:

• Microsoft Windows Server 2012/2012 R2
  Released in September 2012, these celebrated server operating system versions from Microsoft have served businesses for more than a decade. With support scheduled to end on Oct. 10, 2024, now is the time to plan to migrate to newer versions to ensure security and business continuity.
  
  

• Microsoft SQL Server 2014
  Released in June 2014, SQL Server 2014 has been a milestone for database management. With support ending July 9, 2024, it is essential to consider upgrading to keep databases secure and optimized.
  
  

• Oracle Database 12c
  Released in June 2013, has been a benchmark for enterprise data management. Support will end on June 30, 2024, making it essential to upgrade to newer versions, such as Oracle Database 19c or 21c, to ensure performance and security.
  
  
• Oracle Java SE 8.
  Released in March 2014, Java SE 8 has been widely adopted for application development. With support ending on Dec. 31, 2024it is time to consider upgrading to newer versions of Java to continue receiving security updates.
  
  

• VMware Converter 6.3.
  Support for VMware Converter 6.3 ended June 30, 2024. This product, which allows conversion of physical and virtual workloads to VMware virtual machines, has been updated to ensure compatibility with newer versions of vSphere and improve security standards.
  
  
• Microsoft Visual Studio 2013
  Extended support ended on April 9, 2024. Visual Studio 2013 has been a popular integrated development environment for creating applications on Microsoft platforms. It is important to upgrade to a newer version, such as Visual Studio 2019 or later, to ensure that applications are developed in a secure and supported environment. 
  
  
• Dynamics CRM 2013
  Extended support for this version of Dynamics CRM ended on January 9, 2024. It is a platform used for customer relationship management in many companies. It is essential to upgrade to a newer version, such as Dynamics 365. Upgrading is critical to protect sensitive customer data, improve operational efficiency, and remain competitive with the new automation and artificial intelligence technologies built into Dynamics 365.
  
  
• IBM Power8
  Extended support for Power8 servers will end between March and October 2024, depending on the specific model. These servers have been used in business-critical environments for a variety of workloads and there is a need to provide more secure alternatives..
  
  

• Adobe ColdFusion 2018
  Used widely for web and back-end application developmentin many enterprises, especially in industries that require robust and scalable applications, it reached the end of extended support on July 13, 2024 . It is valued for its ability to handle business-critical applications with high performance and reliability requirements.
  
  
• Adobe Connect 10.6.
  Extended support for this platform in enterprises for web conferencing, e-learning, and webinars is scheduled to end on November 17, 2024It is important to consider upgrading to a newer version, such as Adobe Connect 11.x, to make the user experience smoother and more secure. 

Why you need to know what software is no longer supported on your environments

When a piece of software reaches the end of support, the software vendor stops releasing security updates. This means that any newly discovered vulnerabilities will not be fixed, leaving the software exposed to intrusions.

These vulnerabilities in unsupported software are often well-documented, known, and detected by hackers and cybercriminals partly because of advanced Artificial Intelligence tools, which allow them to easily exploit them to launch targeted attacks.

Exposure, in addition to undermining business continuity (outages, integration with other technologies, etc.), also contravenes regulatory compliance. In Italy, companies are subject to stringent regulations that require them to provide security updates.

Let's look at some of them:

• The General Data Protection Regulation (GDPR)

Although the GDPR is a European regulation, it is directly applicable in all European Union member states, including Italy. It requires the systems used to handle sensitive data to be secure and up-to-date, specifically in Article 32. Organizations MUST take appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This includes regularly updating software to protect personal data against unauthorized access, loss, or destruction. 

• The Digital Administration Code (CAD)

Similarly, the CAD (Legislative Decree No. 82 of March 7, 2005) stipulates that public administrations must adopt cybersecurity measures to protect data and systems.

• The Cybersecurity Act (Legislative Decree 65/2018)
  

This decree, which implements the European Union's Network and Information Security (NIS) Directive, imposes cybersecurity obligations on operators of essential services and digital service providers, including the obligation to keep software up-to-date..

Then there are specific regulations for regulated sectors such as banking, finance, and healthcare. For example, the DORA Regulation, adopted by the European Union, focuses primarily on the digital operational resilience of financial institutions.

One of the key components of DORA is the requirement for financial entities to maintain robust cyber incident resilience , including vulnerability management and regular updating of software systems to ensure security (see Article 10).

Although not a standard but a best-practice, there are many Italian companies that adopt the ISO/IEC 27001 standard for information security management. This standard requires organizations to adopt a process for managing information security risks, including regular software updates.

 How to Detect and Manage Unsupported Software  

It is crucial to monitor the versions of software in use on one's systems. At WEGG we are experienced consultants in IT Asset Management and specifically in software license management . Through advanced SAM systems we offer a clear view of what software is in use, facilitating the planning and application of security patches needed to reduce vulnerabilities.

In particular, our partner Flexera's Risk Monitor tool is able to increase the degree of awareness regarding vulnerable software: through integration with the NVD database , it is able to combine information about security risks with data collected from inventory so as to show where there are vulnerabilities that need to be patched immediately.

In addition to providing reports that help Security and Operations teams set up ongoing processes to mitigate risk related to vulnerable or unsupported software (we discussed this here), we are able to guide decisions that accompany the replacement of unsupported software..

There are, in fact, several options available, including migration, upgrade and subscriptions, but also consideration of activating extended support.

Upgrading is not always possible: for instance, one of our clients was using Windows 7, which was was scheduled to end on January 14, 2020. Since they were unable to migrate In time, we supported them to join the Extended Security Updates (ESU) program for companies that needed more time to migrate to a newer operating system (there was time until January 10, 2023).

This extended support period gave them the necessary time to manage unsupported technologies, and we were subsequently able to migrate their operating system to the new Windows 8, thanks to our centralized endpoint management systems (see our Work from Anywhere area).

SQL Server 2014: a case study

Let's take SQL Server 2014, which reached its EOL and began the Extended Security Updates (ESU) phase on July 9, 2024, as an example. How can companies handle the fact that extended support is no longer provided?

Once they have detected the SQL Server 2014 versions in use on their systems by scanning with advanced SAM tools, companies can evaluate all the options available to them.