Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

AI OnAI Off
eGandalf
eGandalf  -  Ektron
Oct 16, 2018
  5568
(4 votes)

Windows 2008 Support is Ending; What's Next for Ektron Customers?

With the end of support for Windows 2008 and 2008 R2 coming up in early 2020, customers of both Episerver and Ektron platforms may find themselves somewhat relieved to know that there are positive options that will help you move past this concern and onto a more up-to-date system with more capabilities and, for some, a more reliable and consistent upgrade path.

My colleague, David Knipe, wrote a wonderful piece addressing EOL for Windows 2008 for Episerver customers running older versions, so, naturally, I decided to piggy-back on his awesome work (as usual) and provide similar coverage for Ektron customers. For implications of retiring support for a specific version of Windows, here are David's comments.

If you are running an older version of Episerver then your site may be running on a version of Windows that is affected. This means you may be in a situation where Microsoft does not support the operating system your Episerver site is running. This means the operating system itself may be vulnerable to security threats or bugs in Windows that will not be fixed. 
If you are running a recent version of Episerver then you are probably not affected, however some older versions of Episerver could run on Windows Server 2008 so you will need to check if you are affected using the list below.

Ektron customers who are running older versions or perhaps have updated the CMS without simultaneously updating the server operating system to newer versions, similar concerns will apply.

The following Ektron versions will be directly impacted:

  • Ektron CMS 8.0.x
  • Ektron CMS 8.5
  • Ektron CMS 8.6
The following Ektron versions may be affected. These versions support Windows 2012, allowing you to buy a little more time. Windows 2012 support is currently scheduled to expire in October of 2023.
  • Ektron CMS 8.7
  • Ektron CMS 9.0 
  • Ektron CMS 9.1
  • Ektron CMS 9.2
Versions listed above include all patches and service packs.
If you are running on an older version of Ektron than 8.0, then you may already be affected by an end-of-life for your current operating system and therefore be more open to vulnerabilities that are unlikely to be patched by Microsoft.

Your Options for Ektron

Upgrade. At time of writing, the only Ektron version supported on the latest version of Windows (2016) is Ektron CMS 9.3, released on June 26, 2018. If you plan to stay on Ektron, then I recommend initiating a plan to ensure you're on the latest version of Ektron running on Windows 2016 servers by January 24, 2020.
Accept the risk. Sunsetting support is not the same as shutting the server off. Both the server and your version of Ektron will continue to run and operate. However, you will assume ever-increasing risk by running your digital applications in an environment that will no longer receive security patches and updates.

Your Options for Episerver

If you're running one of the versions of Ektron impacted by the sunsetting of Windows 2008 and are interested in the move to Episerver, then you should develop a plan for moving your digital applications to Episerver by January 24, 2020. 
Doing less, for example, applying a minor upgrade to Ektron and putting it onto Windows 2012 servers, is a simple way to buy some time but may be wasted effort and capital if you plan to move to Episerver anyway.
When you move to Episerver, you have two options:
  1. Migrate to the Episerver Digital Experience Cloud Service. The cloud service removes the need and risk of maintaining your own servers and ensuring they're up-to-date while making it easier to upgrade and adopt the latest Episerver has to offer in CMS, Commerce, Email, and Personalization in an entirely Episerver-managed cloud.
  2. Migrate to the Episerver Digital Experience Cloud using your own infrastructure, whether hosted internally or through a 3rd party provider. This model is similar to self-hosting Ektron in that you (again) accept the responsibility for ensuring all systems are kept up-to-date. 

What Should You Do Now?

Contact your Episerver Account Manager or, if you don't know who your Account Manager may be, then your local Episerver office.
Oct 16, 2018

Comments

Please login to comment.
Latest blogs
Join the Work Smarter Webinar: Working with the Power of Configured Commerce (B2B) Customer Segmentation December 7th

Join this webinar and learn about customer segmentation – how to best utilize it, how to use personalization to differentiate segmentation and how...

Karen McDougall | Dec 1, 2023

Getting Started with Optimizely SaaS Core and Next.js Integration: Creating Content Pages

The blog post discusses the creation of additional page types with Next.js and Optimizely SaaS Core. It provides a step-by-step guide on how to...

Francisco Quintanilla | Dec 1, 2023 | Syndicated blog

Stop Managing Humans in Your CMS

Too many times, a content management system becomes a people management system. Meaning, an organization uses the CMS to manage all the information...

Deane Barker | Nov 30, 2023

A day in the life of an Optimizely Developer - Optimizely CMS 12: The advantages and considerations when exploring an upgrade

GRAHAM CARR - LEAD .NET DEVELOPER, 28 Nov 2023 In 2022, Optimizely released CMS 12 as part of its ongoing evolution of the platform to help provide...

Graham Carr | Nov 28, 2023

A day in the life of an Optimizely Developer - OptiUKNorth Meetup January 2024

It's time for another UK North Optimizely meet up! After the success of the last one, Ibrar Hussain (26) and Paul Gruffydd (Kin + Carta) will be...

Graham Carr | Nov 28, 2023

Publish content to Optimizely CMS using a custom GPT from OpenAI 🤖

Do you find the traditional editor interface complicated and cluttered? Would you like an editorial AI assistant you can chat with? You can!

Tomas Hensrud Gulla | Nov 28, 2023 | Syndicated blog

See all blogs