skip to Main Content

Windows 2003 Web Servers – Seriously? 

Companies are still running public-facing websites that are hosted on Windows 2003. Considering the lack of security patching they should be eliminated as soon as possible.


We hear a re-occuring theme at present as we busily assist with Windows 2003 migrations and decommissions and that is ‘We need to protect our edge servers – we cannot have a Windows 2003 machine accessible from the Internet’. Quite right too.

This led us to investigate the issue further to determine how large the issue potentially is. We already know that Windows 2003 has been the reliable old workhorse for many many years, so therefore its right to assume that there are lots of Windows 2003 web servers right?

Right indeed… This article shed some light on the size of the Windows 2003 problem:-


Netcraft Windows 2003 Web Server Analysis

As you can see – the usage of Windows 2003 as a web server has gradually been in decline since 2011, however the numbers are still alarming. How many of those web servers handle e-commerce? The purchase from that independent retailer that you love could potentially be at risk of exposing your confidential information.

It’s very hard to analyse global data – or even obtain simple statistics. However it’s safe to say that we know roughly where the ball is in the park. A recent Spiceworks whitepaper revealed that of the 1300 IT Professionals that were surveyed – 15% of them weren’t likely to upgrade some 6 months or more after the EOL date. 10% had no plans at all.

Spiceworks Windows 2003 Survey 2015

Of course – there are lots of installations of Windows 2000 still out there and even Windows NT4 (we have seen plenty) however the difference is, these are backend servers and don’t sit within DMZ’s etc. Windows 2003 brought significant web capabilities when it was released which set it apart from previous versions.

The attacks on Web Sites are increasing rapidly (Ashley Madison anyone?), with many web sites struggling to maintain security on the most modern of technologies – poor old Windows 2003 has no hope surely? Curiously we managed to find companies still willing to sell on web hosting on a Windows 2003 server. Cheap is not always good.


So I leave you with this thought.

When progressing your Windows 2003 mitigation strategy – make sure you get your priorities right.

Yes it’s easy to grab the ‘low hanging fruit’ and have great looking Management Reporting – however assessing priority by measure of risk may pay dividends particularly if your company/client is brand conscious. 


Share on facebook
Share on linkedin
Share on twitter
Share on email

Take our FREE Scorecard to find out if your investment is at risk.

Discover the value of technology in your portfolio and target investments to gain more confidence and uncover potentially significant risks that could affect the value of a sale or an acquisition.

More Stories

Back To Top