I never put much thought into this until I started handling a site that doesn't really like keeping up to date with MS patches. To them, application stability and uptime are much more important… until the Conficker worm threat became a huge concern.
The Conficker worm affects all Windows editions, but if you look at the bulletin at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx, you won't find any patch download for Windows Server 2003 RTM edition or Windows XP SP1.
After some Googling, I found this: http://support.microsoft.com/?LN=zh-sg&scid=gp%3B%5Bln%5D%3Blifecycle&x=15&y=5#ServicePackSupport. This page explains why.
“When a new service pack is released, Microsoft will provide either 12 or 24 months of support for the previous service pack”.
The Windows family gets 24 months of support; all other products get 12 months.
Based on the above: Windows Server 2003 SP2 was released on 13th March 2007, so Windows Server 2003 SP1 support will end on 13th March 2009. MS08-067 was released on 23rd October 2008. Therefore, SP1 is still supported.
Now, let's take Windows Server 2003 SP1. SP1 was released on 30th March 2005. Theoretically, support for the RTM version ended on 30th March 2007. This explains why MS08-067 doesn't support the RTM version!
Now, this is an excellent example to use when you have customers who don’t like to patch their servers.
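
The lifecycle arithmetic above, as an added example that is not part of the original post: a Python script that applies the 24-month Windows rule to the service pack dates given in this post and reports which levels were still in support when MS08-067 was released. The function names, and the treatment of the newest service pack as having no end date yet, are assumptions of the example.

```python
import calendar
from datetime import date

# Dates as stated in the post above.
WS2003_SPS = [("SP1", date(2005, 3, 30)), ("SP2", date(2007, 3, 13))]
MS08_067 = date(2008, 10, 23)


def add_months(d, months):
    """Shift a date by whole months, clamping the day to the target month."""
    year, month0 = divmod(d.year * 12 + (d.month - 1) + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))


def support_end_dates(service_packs, baseline="RTM", grace_months=24):
    """Map each level to its end of support: the release date of the next
    service pack plus the grace period (24 months for Windows, 12 for other
    products, per the quoted policy). The newest level maps to None."""
    ordered = sorted(service_packs, key=lambda sp: sp[1])
    levels = [baseline] + [name for name, _ in ordered]
    ends = {}
    for level, (_, next_release) in zip(levels, ordered):
        ends[level] = add_months(next_release, grace_months)
    ends[levels[-1]] = None  # assumption: no successor yet, so no end date
    return ends


def patchable_levels(service_packs, bulletin_date, **kwargs):
    """Levels that already existed and were still supported on bulletin_date."""
    released = dict(service_packs)
    result = []
    for level, end in support_end_dates(service_packs, **kwargs).items():
        if released.get(level, date.min) > bulletin_date:
            continue  # this service pack had not shipped yet
        if end is None or bulletin_date <= end:
            result.append(level)
    return result


if __name__ == "__main__":
    for level, end in support_end_dates(WS2003_SPS).items():
        print(f"Windows Server 2003 {level}: support ends {end or 'not yet set'}")
    print("Levels eligible for MS08-067:", patchable_levels(WS2003_SPS, MS08_067))
```

Feeding it the inventory of service pack levels actually deployed gives a quick list of hosts that will not receive a fix for a given bulletin date.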