Surprise: companies don’t like updating their computers.
We’ll do the math for you: that’s a 12 year old operating system still powering web hosts for banks and security vendors. An operating system that – as of last month – Microsoft will no longer support. That means no patches or security updates whatsoever:
Those servers help run an estimated 175 million websites; Netcraft says they accounted for over a fifth of all the pages they surveyed.
About 55% of the machines were located in China and the US. That includes around 24,000 computers hosted by Alibaba, as well as several banks, including Natwest and ING Direct. Heck, even some security agencies like Panda Security and eScan are still running on the legacy OS.
Netcraft says sticking to Server 2003 puts companies at risk, as security standards for the payment card industry require all protections from vulnerabilities to be patched via the operating system manufacturer – something that will no longer be possible now that Microsoft has shuttered support.
In other words, these systems have no guaranteed protection against possible future vulnerabilities. These merchants could also be subject to “fines, increased transaction fees, reputational damage, or other potentially disastrous penalties such as cancelled accounts.”
Read next: Windows 10 Review