Computer systems running vendor-unsupported or end-of-life operating systems are potential security threats to the UAB campus network. Vendors do not provide security patches for unsupported systems, and these unpatched systems can be exploited by attackers. Such exploitations can result in disrupted experiments, corrupted research data and/or completely compromised systems. UABIT reserves the right to disconnect these computers from the campus network to mitigate this data breach risk (see UAB’s Acceptable Use of Computer and Network Resources policy). UAB system administrators are responsible for maintaining the security of all information systems, per the campus Data Protection and Security Policy, which includes updating applications and operating systems.
Any operating system prior to Windows Vista, Server 2008, and Mac OS X 10.8 should be considered unsupported.
The information in this guidance statement applies to all constituents internal to UAB.
We recommend that systems running legacy, unsupported operating systems should not be used. They should be disconnected from the network because of the significant security risk to the university’s network and environment. If the device is critical and cannot be turned off or disconnected, the device should be physically isolated from the university network. If disconnection and/or isolation are not possible, then an exemption and risk acceptance form will need to be completed, signed by the appropriate dean or vice president, and filed with Enterprise Information Security.
Unsupported legacy operating systems:
Windows XP as of April 2014
Windows 2000 server
Windows Server 2003 as of July 2015
Mac OS X Family
Mac OS X 10.7 (Lion)
Mac OS X 10.6 (Snow Leopard)
OS X 10.5 (Leopard)
OS X 10.4 (Tiger)
OS X 10.3 (Panther)
OS X 10.2 (Jaguar)
Mac OS 9.x
Ubuntu 11.04 and Prior
Ubuntu 10.04.4 LTS and Prior
Debian 5.0 (lenny)
Debian 4.0 (etch)
Debian 3.1 (sarge)
Debian 3.0 (woody) and Prior
Red Hat Enterprise Linux 6.5 after Nov. 30, 2015
Red Hat Enterprise Linux 6.4 and Prior
Red Hat Enterprise Linux 5.9 and Prior
Red Hat Enterprise Linux 4.7 and Prior
Oracle Linux 4.4 and Prior
Other Unix OS
AIX prior to 6.1
Solaris prior to 9 (SunOS 5.9)
FreeBSD 8.4 and Prior (as of Aug. 1, 2015)
Questions can be directed to firstname.lastname@example.org or, by calling (205) 975-0842.