NatWest and ANZ are among the banks that are still using Windows Server 2003, despite Microsoft ending support for the operating system last month, according to security outfit Netcraft.
Extended support for Windows Server 2003 ended on July 14, 2015, meaning that Microsoft will no longer be issuing security updates, which US-Cert warns means an elevated risk of things like cyberattacks and data theft.
Yet Netcraft says that more than 600,000 web-facing computers which host millions of sites are still running the server operating system.
Natwest, ANZ, and Grupo Bancolombia are using Windows Server 2003 and Microsoft Internet Information Services 6.0 on their main sites. Hundreds of other banks "appear" to be using Windows Server 2003 while some, including ING Direct and Caisse d'Epargne, are using IIS 6.0 but do not seem to have Windows Server 2003 machines exposed directly to the internet.
Meanwhile, Netcraft warns that firms using unsupported operating systems like Windows Server 2003 in a cardholder data environment should migrate immediately or face automatic PCI compliance failure.