9 in 10 Exchange servers in Germany still running out-of-support software • The Register Forums

Wednesday 29th October 2025 08:41 GMT Like a badger

How do you get through to business leaders?

I daresay a similar survey of the UK, France, Italy would have similar findings.

You'd have thought that after recent international headline grabbing ITsec fiascos that the topic would be number one on the risk register. The financial and reputational damage done at companies like JLR and M&S ought to be enough, and there's been data breaches and cyber attacks at German companies that are estimated to have cost €300bn a year, and again the same will be true in other European nations. Even the (limited) prospect of personal accountability for business leaders doesn't seem to be galvanising much action.

5 0 Reply
1. Wednesday 29th October 2025 09:43 GMT Anonymous Coward
  
  Re: How do you get through to business leaders?
  
  On the comments on any article about cloud downtime, costs etc. you’ll have people smugly weighing in saying you’re much better off running your own on-prem. In theory maybe, but this is how it generally works out in practice - can’t even get the basics right. How many of these orgs have knowledgeable admins, HA/DR etc. and aren’t just operating on a wing and a prayer?
  
  <shudder>
  
  4 1 Reply
  1. Wednesday 29th October 2025 21:26 GMT Oli.
    
    Re: How do you get through to business leaders?
    
    Well yeah, there is a lack of on-prem knowledge precisely because everyone has moved to the cloud. Now that they are all locked in, the prices go up. What are you going to do, move back to on prem? Good luck finding someone with the knowledge. This the circle closes.
    
    0 0 Reply
  2. Thursday 30th October 2025 07:28 GMT Anonymous Coward
    
    Re: How do you get through to business leaders?
    
    Made redundant on the way to M365/Google Workspace/Azure/AWS.
    
    1 0 Reply
2. Wednesday 29th October 2025 09:53 GMT Steve Davies 3
  
  Re: How do you get through to business leaders?
  
  That choosing Microsoft is :-
  
  1) NOT the best choice
  
  2) NOT the only choice
  
  3) A way to get shafted (in the best possible way)
  
  MS wants you to abandon 'on premises' for their cloud where they can slurp away to their hearts content. At least with 'on premises' you can firewall them out.
  
  7 3 Reply
  1. Wednesday 29th October 2025 10:35 GMT Martin M
    
    Re: How do you get through to business leaders?
    
    Let’s be honest here - Microsoft is not the issue, it’s the inability of organisations to focus on, staff and fund one of the most basic operational responsibilities, keeping services in support and patching them. This would be a problem whatever technology was used - Microsoft still offer support on-prem software so there’s no excuse. If it’s just too hard for them (e.g. due to internal politics), they should move to cloud and outsource the problem to someone who can reliably do it and build it into a predictable fee.
    
    As the article itself points out, a firewall won’t stop anyone (including far more malicious players than Microsoft, believe it or not) slurping your data if your externally facing email server gets compromised and you have - as seems likely in many of these cases - a flat internal network architecture.
    
    7 2 Reply
    1. Wednesday 29th October 2025 11:18 GMT Like a badger
      
      Re: How do you get through to business leaders?
      
      "they should move to cloud and outsource the problem to someone who can reliably do it and build it into a predictable fee"
      
      And that's not even going to be a short list of contenders, is it?
      
      M&S, JLR, the CO-OP all got shafted and had outsourced virtually everything. Various shenanigans by Oracle, SAP, Broadcom show that when talking fees the word "predictable" simply refers to the predictability of arbitrary upward price and licence changes as and when vendors see fit, and hyperscalers aren't much different.
      
      7 0 Reply
      1. Wednesday 29th October 2025 15:10 GMT Martin M
        
        Re: How do you get through to business leaders?
        
        When I was talking about “outsourcing the problem” I was talking in the narrow sense of getting someone to run a commodity email service in a modern way. Not shovelling a towering heap of legacy enterprise rubbish over the fence to TCS to hand crank, which I agree is unlikely to produce good results, except for the exec who trousers the bonus for “cost cutting”.
        
        The list of vendors that can do enterprise cloud email is sadly a short one: Google, Microsoft, possibly Zoho or similar. But that seems to be enough competition to hold prices down. A quick search pulled back a reference to Google Apps Premier launching in 2007 at $50 per user per year for 10GB - $78 after inflation. Now Google Workspace is $84 for 30GB.
        
        No massive price hike in over 18 years, and the software was supported and patched at all times (+ a whole lot more management that’s needed to operate email), 9 of 10 on prem services do not appear able to clear this basic bar.
        
        1 1 Reply
        
        Wednesday 29th October 2025 16:43 GMT Charlie Clark
        
        Re: How do you get through to business leaders?
        
        Outsourcing the hosting does not solve the problem, it just obfuscates it and gives you a new one: control of your data.
        
        1 0 Reply
    2. Wednesday 29th October 2025 13:46 GMT Anonymous Coward
      
      Re: How do you get through to business leaders?
      
      Except when Microsoft IS the issue. It's all well and good saying that MS have been telling customers about dropping support for 2016 and 2019 for ages, but my understanding is that there's also been a lack of any concrete info on SE licensing until VERY recently, at least in terms of SPLA licensing. Eg if you used SPLA there was no way to be certain that you even COULD license an SE installation until recently. Once confirmed, it's not necessarily a 5 minute job to upgrade.
      
      5 0 Reply
      1. Wednesday 29th October 2025 15:24 GMT Anonymous Coward
        
        Re: How do you get through to business leaders?
        
        Indeed; upgrading exchange is not a trivial task, especially if it's a really out of date installation;
        
        4 0 Reply
        
        Wednesday 29th October 2025 15:28 GMT Roland6
        
        Re: How do you get through to business leaders?
        
        Like 2013 which went EoL in 2023. I know several,companies who delayed upgrading to 2016/2019 because they expected MS to release their touted cloud version in 2023 and so avoid an upgrade to 2016/2019 which would have only brought them 2 additional years of support.
        
        2 0 Reply
        
        Sunday 2nd November 2025 22:40 GMT katrinab
        
        Re: How do you get through to business leaders?
        
        2019->SE is about as easy as it gets, if you can figure out how to actually buy a licence for SE. The only thing that changed was the licensing stuff and the ability to get future updates.
        
        0 0 Reply
      2. Wednesday 29th October 2025 15:24 GMT Roland6
        
        Re: How do you get through to business leaders?
        
        There has also been the issue of MS delaying the release of the replacement products for Exchange Server 2016 and 2019; with SE only being release in July 2025 -just over 3 months before 2016/2019 went EoL.
        
        2 0 Reply
        
        Thursday 30th October 2025 08:38 GMT Fred Daggy
        
        Re: How do you get through to business leaders?
        
        Agreed.
        
        I would add that it seems that MS-Exchange is just another example of on-premises products being a second-class product. Exchange SE appears to be MS-Exchange 2019 with all fixes in place. No major functionality improvements. No minor improvements. Nada.
        
        Knowing well how complex Exchange is, (Greybeard mode: I start with Exchange 5.0), I am far from surprised.
        
        Wonder what changes under the hood have enabled Exchange to handle cloud level workloads. Probably the code bases have diverged so much by now it would be near impossible to backport.
        
        Back to rant mode. MS, give your on-premises some TLC. Cloud isn't everything.
        
        1 0 Reply
      3. Wednesday 29th October 2025 15:30 GMT Martin M
        
        Re: How do you get through to business leaders?
        
        OK fair enough, that’s rubbish, they should never have EOL’d without an upgrade path. Although mostly an argument for moving to Google Workspace.
        
        1 1 Reply
        
        Thursday 30th October 2025 14:30 GMT Anonymous Coward
        
        Re: How do you get through to business leaders?
        
        There was an upgrade path (to Exchange SE), but the period between that being released and 2016/19 going EOL was unreasonably short.
        
        1 0 Reply
    3. Wednesday 29th October 2025 15:12 GMT Roland6
      
      Re: How do you get through to business leaders?
      
      >” they should move to cloud and outsource the problem to someone who can reliably do it and build it into a predictable fee.”
      
      However, the responsibility for security etc. will still remain with the organisation and we have already seen how the cloud providers are very quick to claim no responsibility or liability if things on their cloud go wrong.
      
      With respect to Microsoft - does any one know what version of Exchange 365 is at and whether it has and is being patched every month? Because all you are buying from MS is an email inbox.service, they make no claims for its security…
      
      0 0 Reply
      1. Wednesday 29th October 2025 15:36 GMT Martin M
        
        Re: How do you get through to business leaders?
        
        You can’t, but at that scale there has to be automated patching that works. Chances are critical patches are fully applied to their cloud well before they’re even made available for on-prem installation - MS won’t want them reverse engineered before they’ve got their own house in order.
        
        0 0 Reply
  2. Wednesday 29th October 2025 14:51 GMT GNU Enjoyer
    
    Re: How do you get through to business leaders?
    
    It's cute you think a firewall can stop them.
    
    0 0 Reply
    1. Wednesday 29th October 2025 15:22 GMT Anonymous Coward
      
      Re: It's cute you think a firewall can stop them
      
      You can stop their apology for software from phoning home with a firewall. Yes, it takes effort but it can be done. It isn't OOTB.
      
      My firewall has over 30% of the IPV4 internet addresses blocked (both in and out) including ALL of Google, MS, Amazon, Facebook and the other usual subjects.
      
      0 0 Reply
3. Wednesday 29th October 2025 18:00 GMT DS999
  
  Maybe we need whitehat ransomware
  
  Either upgrade/replace this vulnerable email server or pay us 3x what that would cost in ransom!
  
  1 0 Reply
4. Thursday 30th October 2025 07:26 GMT Anonymous Coward
  
  Re: How do you get through to business leaders?
  
  Nah … bollocks to that. AI and job cuts is where the action is.
  
  0 0 Reply
Wednesday 29th October 2025 10:41 GMT Rich 2

I don’t get the hurry

Just because MS are no longer supporting these versions of exchange, it doesn’t mean they’re suddenly going to become vulnerable

I mean, it’s not like MS have any kind of track record of weekly faults and compromises in any of their products, bodged patches, more faults, more vulnerabilities, and general shonky software quality issues, is it?

9 1 Reply
1. Wednesday 29th October 2025 14:58 GMT Tron
  
  Re: I don’t get the hurry
  
  Microsoft upgrades are usually downgrades. Adding AI makes you less secure. And not getting MS updates improves your resilience.
  
  4 0 Reply
Wednesday 29th October 2025 11:08 GMT pitrh

I'm really in two minds about this ...

As in, should I gloat about feeding anybot trying to acces the owa url at my internet-facing server with a gzipped archive of /dev/zero output that expands to some tens of gigabytes, as in

240e:370:4a13:2259:e86c:1ebd:9a7a:3691 - - [28/Oct/2025:09:02:29 +0100] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//mail.bsdly.net/owa/ HTTP/1.1" 200 70093992 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"

or should I direct attention instead to my 2011-vintage rant about exchange itself, The Problem Isn't Email, It's Microsoft Exchange (or here if GOOG's trackers are more to your liking)?

You decide.

3 0 Reply
Wednesday 29th October 2025 12:40 GMT Anonymous Coward

Anon because i'm a horrible situation

I have a single exchange 2016 at a clients, about 120 mailboxes scattered over 10 remote offices, nothing too complex, has been plodding on for many years and only had two significant outages. Anyway, their Outlooks range from 2013 to 2024 so upgrading to SE potentially (as I have not tested) could mean additional costs to bring almost all their MS Office's up to date, then there's the ongoing subscription costs plus a monster server hardware replacement. 365 is a tad too expensive for them but would solve many issues.

So choices are, stay on unsupported Exchange and fingers crossed (all web access is blocked, just ActiveSync only) or try SmarterMail with the mapi support extras. This, at the moment might be the route to go as it's as close to Exchange as any other package has been. Unfortunately they are all tied to Outlook due to the CRM software needing to generate emails on a very regular basis.

So the end of Exchange support and it's replacement is not black and white for everyone

6 0 Reply
1. Wednesday 29th October 2025 13:01 GMT Anonymous Coward
  
  Re: Anon because i'm a horrible situation
  
  If they have cyber insurance, unsupported software is likely to be an immediate get-out clause for the insurer. If there is a policy, best check the wording ASAP!
  
  Office versions priod to the LTSC 2021 version are also all out of support, which poses further risks.
  
  Given Microsoft's track record with security holes which need patching, and the fact that their software is the biggest target due to its usage levels, I wouldn't risk using any out of support Microsoft products.
  
  2 0 Reply
2. Wednesday 29th October 2025 15:09 GMT Anonymous Coward
  
  Re: Anon because i'm a horrible situation
  
  I don't envy you, you are an IT Pro being made to work as a Painter and Decorator!
  
  You are being asked to paper over some pretty large cracks in your client's business. Time to have a *VERY* frank discussion: It's best efforts from now on, no guarantees and I want payment on 7 day terms - you might not make it to 30.
  
  But seriously, they need to understand they have had the benefit of underinvestment for near 10 years, now its time to accept that a member of staff has the cost of a desk, PC, mobile etc etc *AND* £8/mo on a 365 seat. It's just part of being an employer. (or less if a charity)
  
  Good luck!
  
  6 0 Reply
3. Saturday 1st November 2025 23:54 GMT Dwarf
  
  Re: Anon because i'm a horrible situation
  
  Suppliers should provide solutions, not more problems.
  
  It is your companies choice what their next product is, not Microsoft's.
  
  0 0 Reply
Wednesday 29th October 2025 18:50 GMT StinkyMcStinkFace

For the LOVE OF GOD, Listen

We are NOT moving to windows 11 - EVER.

We are NOT moving our data to Microsoft's cloud - EVER.

We are NOT giving up Exchange 2016 - EVER.

The fault is not on us. It's on Microsoft. Microsoft did this to us. Microsoft cut off support.

I will not pay a subscription.

I will not give up my data sovereignty.

No amount of threats or insults will change those facts.

I spent the last 40 years of my career focusing on DOS, and then Windows 3.1 all the way up to Windows 10 software development - AND I AM PISSED OFF. I am angry that I wasted my life in Microsoft's eco system.

NO MORE.

You know where you can shove it, Microsoft.

1 1 Reply
1. Thursday 30th October 2025 14:33 GMT Anonymous Coward
  
  Re: For the LOVE OF GOD, Listen
  
  In which case, your options are either to move away from Microsoft software, or expose your data to massive and increasing risks by using unpatched software. I'm not saying it's justifiable that this is the case, but it remains the reality because Microsoft makes the rules, and Microsoft is only interested in serving its own interest.
  
  2 0 Reply