'Thousands' of insecure Windows servers remain online, despite risks

It's all fun and games until someone gets hacked.
Written by Zack Whittaker, Contributor

Hundreds of thousands of old, outdated, and unpatched versions of Windows Server 2003 are still online, putting users at risk.

New data from internet services company Netcraft shows about 609,000 web-facing systems, serving an estimated 175 million websites, are running decade-old Windows Server 2003, potentially putting their systems and customers at risk of cyberattack and data theft.

Most unpatched servers are said to come from the US and China, which account for more than half of all Windows Server 2003 installations detected.

Many of the more high-profile servers run websites that host social platforms with vast amounts of data, and other secure sites, such as banks, financial institutions, and even public-facing security vendors.

Natwest, ING Direct, and Panda Security were named by the company as still running old versions of the operating system.

Alibaba is also said to be responsible for more than 24,000 affected machines, according to the report.

The news comes just a month after Microsoft wound down extended support for the aging operating system on July 14, meaning many thousands will be running the software without any security patches or updates from Microsoft.

This follows the wind-down of Windows XP, which earlier this year was no longer officially supported by the software giant.

But some organizations, despite the warnings, were hesitant to upgrade. The Dutch government reportedly paid Microsoft millions to maintain its fleet of Windows XP machines after the deadline, as did the US Navy.

However, Microsoft did not extend the same benefits to those running Windows Server 2003. Once users reached the July 14 deadline, servers had to be upgraded or were left vulnerable to attacks.

Even the federal government has warned of the risks associated with using outdated and unpatched software.

"Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss," said US-CERT, the cyber-readiness unit from Homeland Security, in an advisory last year.

The worst is yet to come. Staving off upgrading may not just put machines and customers at risk; it could also lead to legal issues at home and abroad.

"Many merchants still using Windows Server 2003 are likely to be noncompliant and could face fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts," said the report.
