Banks and security agencies are running a vulnerable version of Windows

Surprise: companies don’t like updating their computers.

A study by internet services company Netcraft shows that around 609,000 active servers still run Windows Server 2003.

We’ll do the math for you: that’s a 12-year-old operating system still powering web hosts for banks and security vendors. An operating system that – as of last month – Microsoft will no longer support. That means no patches or security updates whatsoever.

Those servers help run an estimated 175 million websites; Netcraft says those sites accounted for over a fifth of all the pages it surveyed.

About 55% of the machines were located in China and the US. That includes around 24,000 computers hosted by Alibaba, as well as several banks, including NatWest and ING Direct. Heck, even some security agencies like Panda Security and eScan are still running on the legacy OS.


Netcraft says sticking to Server 2003 puts companies at risk, as security standards for the payment card industry require systems to be protected from vulnerabilities with patches supplied by the operating system manufacturer – something that will no longer be possible now that Microsoft has shuttered support.

In other words, these systems have no guaranteed protection against possible future vulnerabilities. These merchants could also be subject to “fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts.”

Millions still running the risk with Windows Server 2003 [Netcraft via ZDNet]
