Netcraft, a prominent British Internet service company, says that more than 600,000 servers, which host millions of websites, are still running Windows Server 2003, even though Microsoft dropped its extended support for the OS this July. Netcraft figures that the servers are responsible for hosting roughly 175 million websites, amounting to 20% of all websites on the Internet.
These numbers are raising some eyebrows, as they mean that roughly one-fifth of all websites currently online will no longer be getting regular security updates, making them highly prone to hacks and viruses. This places both users and site operators at risk of damaging security breaches.
Reasons for Upgrading
Besides the lack of regular security updates, a number of other issues can arise from running the outdated OS.
- Compatibility issues can arise between software and hardware.
- Older apps will need to be isolated to keep them secure.
- Businesses running older software will have a competitive disadvantage compared to those with newer technologies.
- There is a high potential of falling out of PCI or HIPAA compliance.
- New and old malware can more easily exploit the vulnerable system.
Slow to Upgrade
What is also troubling is that even some banks are still using Windows Server 2003 to host their main websites. NatWest, ANZ, and Grupo Bancolombia are just a few among the hundreds of banks still using the OS. Many of these sites rank amongst the top 10,000 websites in the world.
Even the U.S. Navy still runs a number of “legacy applications” that require Windows XP, for which Microsoft discontinued support back in April 2014. This has led to a deal between the two entities. The Navy pays Microsoft at least $9 million to provide critical hotfixes and software patches for Windows XP, Office 2003, Exchange 2003, and Server 2003.
Meeting PCI Compliance
The biggest worry, says Netcraft, should come from online merchants whose websites are still hosted on these servers. Because they will no longer be receiving vital security patches, they are leaving their customers’ personal information vulnerable to cyber attacks. Failing to keep software updated by installing vendor-supplied security patches will more than likely result in these merchants falling out of PCI compliance.
By not keeping up with the Payment Card Industry Data Security Standards (PCI DSS), merchants can face fines, increased transaction fees, reputational damage, or have their accounts cancelled.
To avoid all this, merchants and other site operators are advised to migrate their websites to servers running newer operating systems. Microsoft has suggested that those still running Windows Server 2003 switch to its newest server OS, Windows Server 2012 R2, or its cloud platform, Microsoft Azure.
For those not wanting to upgrade, Microsoft has announced it will charge $600 per server for a special custom-support deal to safely run Windows Server 2003. However, this price covers only the first 12 months after support stops and will double every year afterwards. Some expert analysts say that sticking with WS 2003 could end up costing some businesses millions.