Extended support for Windows Server 2003 ended on July 14, 2015. Crucially, this means that Microsoft will no longer be issuing security updates for any version of Windows Server 2003.
US-CERT warns that these unsupported installations of Windows Server 2003 are exposed to an elevated risk of cybersecurity dangers, such as malicious attacks or electronic data loss.
Windows Server 2003 was originally launched over 12 years ago, with the latest major update being released 8 years ago in the form of Service Pack 2. This update was particularly beneficial for web servers, as it added the Scalable Networking Pack (SNP), which allowed for hardware acceleration of network packet processing.
Fifth of the internet still running Windows Server 2003
Netcraft’s July 2015 Web Server Survey found 175 million websites that are served directly from Windows Server 2003 computers. These account for more than a fifth of all websites in the survey, making the potential attack surface huge.
Most of these sites (73%) are served by Microsoft Internet Information Services 6.0, which is the version of IIS that shipped with Windows Server 2003 and the 64-bit edition of Windows XP Professional; however, it is rare to see the latter being used as a web server platform.