After consulting with the Sysadmins, we found that there are only two applications being utilized on the server. Off I went to query the application owners as to migrating the applications off the server to something supported. Here's one of the responses:
I will speak with my management regarding making the migration of what's on there a priority to move. The wrinkle is that some of the code is old and needs to be rewritten/ported into the current project and that is an effort that I have yet to get permission to put the hours in on.So for now, we need to leave it where it is and I'll try to get everything off of there as soon as possible.
Security education only goes so far. The fact that there are exploits out there does nothing for the application owners...they're willing to take the risk. I have their acceptance of risk in writing; but a lot of good that will do if/when something happens to the server.