The last Service Pack that was released for Windows Server 2003 was eight years ago and last month Microsoft ended support for the operating system all together. You would think then that the server owners would have switched operating systems but Netcraft has discovered that as many as 175 million websites are run on servers still using the software.
Netcraft goes on to point out that of the computers using the operating system, 73% are being served by Microsoft Internet Information Services 6.0 indicated that there are at least 1.7 million back end servers that may be at risk.
If you think that this isn’t a big deal think again. Any company that is serving data using Windows Server 2003 and deals in card payments may have failed the Payment Card Industry Data Security Standard (PCI DSS) already. The PCI DSS requires that all software on the server is up to date and having an outdated operating system falls out of this scope. This opens up the servers to attacks from hackers should they find a work around to the existing security systems on the server.
This risk becomes more worrying when you see that 55% of the problematic servers reside in the US and China. HiChina, which operates under the Alibaba banner, was found to have 12 000 offending servers running Windows Server 2003 and the cloud division Aliyun was found to have as many as 7 500 instances of the operating system.
The only way to rectify this is to change the operating system on the server to something more secure, and preferably more recent. While we aren’t able to find out exactly how many companies in South Africa are running the outdated software, if the US and China account for the number they do currently, there are more than likely a few of the based here. If any of these companies deals in card payments they could face fines, cancelled accounts and/or increased transaction fees.[Image CC by 2.0 – delbz / GotCredit]