BeYourself different approach

Windows 2003 Web Servers – Seriously? 

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.
Dave Refault


We hear a re-occuring theme at present as we busily assist with Windows 2003 migrations and decommissions and that is ‘We need to protect our edge servers – we cannot have a Windows 2003 machine accessible from the Internet’. Quite right too.

This led us to investigate the issue further to determine how large the issue potentially is. We already know that Windows 2003 has been the reliable old workhorse for many many years, so therefore its right to assume that there are lots of Windows 2003 web servers right?

Right indeed… This article shed some light on the size of the Windows 2003 problem:-


As you can see – the usage of Windows 2003 as a web server has gradually been in decline since 2011, however the numbers are still alarming. How many of those web servers handle e-commerce? The purchase from that independent retailer that you love could potentially be at risk of exposing your confidential information.

It’s very hard to analyse global data – or even obtain simple statistics. However it’s safe to say that we know roughly where the ball is in the park. A recent Spiceworks whitepaper revealed that of the 1300 IT Professionals that were surveyed – 15% of them weren’t likely to upgrade some 6 months or more after the EOL date. 10% had no plans at all.

Of course – there are lots of installations of Windows 2000 still out there and even Windows NT4 (we have seen plenty) however the difference is, these are backend servers and don’t sit within DMZ’s etc. Windows 2003 brought significant web capabilities when it was released which set it apart from previous versions.

The attacks on Web Sites are increasing rapidly (Ashley Madison anyone?), with many web sites struggling to maintain security on the most modern of technologies – poor old Windows 2003 has no hope surely? Curiously we managed to find companies still willing to sell on web hosting on a Windows 2003 server. Cheap is not always good.


So I leave you with this thought.

When progressing your Windows 2003 mitigation strategy – make sure you get your priorities right.

Yes it’s easy to grab the ‘low hanging fruit’ and have great looking Management Reporting – however assessing priority by measure of risk may pay dividends particularly if your company/client is brand conscious. 

Windows Server 2003 Whitepaper

More Posts

M&A Scorecard