In today’s digital landscape, data security is more crucial than ever. Software providers are continually updating their products to protect users from emerging threats and vulnerabilities. Sage, a leading provider of business management solutions, has announced a significant security update affecting Sage 100 and Sage 300 users. This update, set to take effect on October 31, 2025, will impact how these products communicate with Sage licensing servers, particularly for customers using older Windows and Windows Server versions.
This blog post will explain the details of the update, its implications, and the steps you need to take to ensure uninterrupted access to your Sage software.
Why is sage making This Change?
Cybersecurity threats are constantly evolving, and one of the most effective ways to mitigate risk is by strengthening encryption protocols. Encryption ciphers are algorithms that secure data transmission between your system and external servers. Over time, some ciphers become outdated and vulnerable to attacks.
Starting October 31, 2025, Sage will block outdated encryption ciphers used by Windows and Windows Server when connecting to Sage licensing servers. These ciphers are not part of Sage 100 or Sage 300 themselves but are used by the underlying operating system during communication with Sage servers. By blocking weaker ciphers, Sage aims to:
- Protect customer data from interception and unauthorized access.
- Comply with industry standards and regulatory requirements for data security.
- Reduce the risk of cyberattacks targeting legacy encryption methods.
This proactive measure aligns with best practices recommended by cybersecurity authorities such as the National Institute of Standards and Technology (NIST), which regularly updates guidelines on acceptable encryption standards.
Who is affected by the update?
The security update primarily affects Sage customers using older versions of Windows or Windows Server. Specifically:
- Windows Server 2012
- Windows 8 or earlier
These operating systems rely on outdated ciphers that will be blocked by Sage’s licensing servers after the update. However, it’s important to note that cipher prioritization settings in newer versions of Windows or Windows Server could also cause issues if not properly configured.
Why are these systems at Risk?
Older operating systems are more likely to use weaker encryption protocols by default. Microsoft has ended support for Windows Server 2012 and Windows 8, meaning they no longer receive security updates or improvements, including updates to encryption standards (Microsoft Lifecycle Policy). Running business-critical applications on unsupported platforms increases the risk of security breaches and compliance violations.
What happens if Communication Is bLocked?
If your system relies on outdated ciphers and is unable to communicate with Sage’s licensing servers after October 31, 2025, you may encounter the following issues:
Sage 100
- Subscription expiration date won’t update: The software will continue to run until the stored expiration date is reached.
- “Subscription expired” messages: After the expiration date, users will see warning messages.
- Read-only mode: After 45–60 days, the product will switch to read-only mode, restricting access and functionality.
Sage 300
- Immediate warning messages: Users may see alerts as soon as communication is blocked.
- Read-only mode: The product will switch to read-only mode after 45–60 days, similar to Sage 100.
These restrictions can severely impact business operations, including access to financial data, reporting, and day-to-day management tasks.
What Should You Do Next?
To avoid disruption and maintain compliance with Sage’s security standards, customers should take the following steps:
1. Identify Your System Version
- Check your Windows or Windows Server version: If you’re running Windows Server 2012, Windows 8, or earlier, you are at high risk.
- Review your Sage product version: Older versions of Sage 100 and Sage 300 may not be compatible with newer, supported operating systems.
2. Upgrade Your Operating System
- Upgrade to a supported version of Windows Server: Microsoft currently supports Windows Server 2022 and will support Windows Server 2025 upon release.
- Upgrade desktop operating systems: Ensure all client machines use a supported version of Windows (Windows 10 or later).
Upgrading your operating system not only resolves the cipher issue but also ensures you receive critical security updates from Microsoft.
3. Upgrade Your Sage Software
- Update to a supported Sage version: Sage 100 and Sage 300 versions 2023, 2024, and 2025 are compatible with Windows Server 2022 and 2025.
- Consult your Sage channel partner: If you’re unsure about compatibility, reach out to your Sage partner or support team for guidance.
4. Monitor for Warning Messages
- Pay attention to subscription warnings: If you receive messages about subscription expiration or licensing issues, contact your partner or Sage support immediately—even if you are running a supported version of Windows Server.
5. Review Cipher Settings on Newer Systems
- Check cipher prioritization settings: Even newer operating systems can encounter issues if their cipher settings are misconfigured. IT administrators should review and update these settings according to Microsoft’s and Sage’s recommendations.
How Will Sage Support Customers?
Sage is proactively reaching out to customers identified as affected through their channel partners. If you have not been contacted but are running Windows Server 2012 or an older operating system, you should still take action to upgrade. Sage support and your channel partner can assist with:
- System assessments
- Upgrade planning
- Migration support
Why Is this Update Important?
Data breaches and ransomware attacks continue to rise, with outdated software and weak encryption among the leading causes (Verizon Data Breach Investigations Report, 2023). By enforcing stronger encryption standards, Sage is helping customers protect sensitive financial and operational data.
Additionally, many industries are subject to regulations such as GDPR, HIPAA, and PCI DSS, which require robust data protection measures. Running unsupported software can result in compliance violations and significant financial penalties.
Take Action Now!
The upcoming security update for Sage 100 and Sage 300 is a necessary step to safeguard customer data and ensure compliance with modern security standards. While the change may require upgrades to your operating system and Sage software, the benefits far outweigh the risks of remaining on outdated platforms.
Review your systems, consult your IT team and Sage partner, and plan your upgrades well before the October 31, 2025, deadline. By staying proactive, you’ll ensure uninterrupted access to your Sage solutions and maintain the highest level of data security for your business.
If you have questions or need assistance, reach out to your RKL eSolutions or Sage support for expert guidance.
