Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14. What does that mean in practice? Well, any instances running these versions of Windows Server are no longer supported by Microsoft: no more automated fixes, updates, or technical assistance. From a security standpoint, any exploits that appear after Jan. 14 that affect these specific versions of Windows will not likely be addressed for the vast majority of installations.
Though there have been exceptions to end of support under unusual circumstances, such as the extension of support for Windows 10 in light of the unprecedented COVID-19 pandemic, such exceptions shouldn't be expected to be the norm.
Through a sampling of some of our data, we realized that even as of the date of this post, there were many instances of Windows Server 2008 still running in the wild, and by extension, associated variations of dependent software, such as Microsoft Internet Information Services (IIS) versions 7.0 and 7.5. We took a more systematic look at the prevalence of the different versions of Windows Server that are floating out on the open internet. We performed a number of internet-wide scans using Project Sonar, and fingerprinted the returned data using Recog, when possible, to enable us to identify specific versions of Windows Server. What we found was alarming: over the course of September 2020, 59% of all uniquely observed instances of Windows Server were unsupported, while 41% were supported. However, the uneven balance of dangerous versus safe services that we observed is not terribly unusual. It seems to be more the norm that the preponderance of actively running services on the internet are outdated, unsupported, improperly patched, or insecure. For examples, see any number of Rapid7's past blog posts, including reflections on the state of PHP and Microsoft Exchange.
We were also able to identify the countries in which these unsupported Windows Server instances were located, and determined (without much surprise) that the heaviest concentrations were in the United States and China. On the other hand, the heaviest concentrations of supported versions of Windows Server were also the United States and China, though if we examine the coloration scale more closely, we do see that the numbers for unsupported versions are significantly larger than for supported ones.
For a more direct comparison of supported versions of Windows Server against unsupported versions within countries, we calculated the difference between the two classes within each country. This allowed us to get past a consideration of the raw prevalence of Windows Server within particular countries. In this case, we found that Poland fared particularly well, with the most dramatic difference in terms of absolute counts of supported over unsupported versions, while the United States appeared the worst off, with nearly half a million more instances of unsupported versions than supported. There is also observable variation between hosting service providers within countries in terms of unsupported Windows Server instances. For instance, we can note that Hangzhou Alibaba Advertising hosts by a wide margin the most unsupported Windows Server instances within China.
While we can assert that the state of Windows Server security across the internet in this latest month doesn't look great, there does appear to be some level of progress. Over the past several months, we have observed a notable decline in the number of unsupported variants of Windows Server, including Windows Server 2003, 2008, and their various release candidates. The decline in usage of Server 2008 and Server 2008 R2 amounted to approximately 40,000 and over 2,000,000 instances, respectively.
The net decline that we observed in Windows Server instances does comport with what other internet researchers have observed as well. For instance, Netcraft noted a shift from Windows web servers to OpenResty.
There was an unusual spike in counts (though not terribly significant in terms of absolute numbers) for Server 2003 R2 that we noticed and are still looking into, though at this time, our best guess is that this is simply a manifestation of the somewhat stochastic spirit of Sonar.
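The classification described above, as an added example that is not Rapid7's code or Recog's actual fingerprint database: match an IIS `Server` banner to a Windows Server release, decide whether that release is still supported on the observation date, and compute the supported-minus-unsupported difference per country. The banner-to-release pairs other than IIS 7.0/7.5 and the end-of-support dates are assumptions, and the scan records are constructed.

```python
import re
from collections import defaultdict
from datetime import date
# IIS version -> Windows Server release. IIS 7.0/7.5 -> 2008/2008 R2 is the
# pairing the post names; the others are Microsoft's shipping pairs (assumption).
# IIS 10.0 is shared by Server 2016 and later, so the banner alone cannot split them.
IIS_TO_SERVER = {
    "6.0": "Server 2003", "7.0": "Server 2008", "7.5": "Server 2008 R2",
    "8.0": "Server 2012", "8.5": "Server 2012 R2", "10.0": "Server 2016+",
}
# End of extended support per release (assumption: Microsoft's published dates;
# the ambiguous 2016+ bucket conservatively uses Server 2016's date).
END_OF_SUPPORT = {
    "Server 2003": date(2015, 7, 14),
    "Server 2008": date(2020, 1, 14), "Server 2008 R2": date(2020, 1, 14),
    "Server 2012": date(2023, 10, 10), "Server 2012 R2": date(2023, 10, 10),
    "Server 2016+": date(2027, 1, 12),
}
OBSERVED_ON = date(2020, 9, 30)  # end of the September 2020 window in the post
BANNER_RE = re.compile(r"^Microsoft-IIS/(\d+\.\d+)$")

def fingerprint(server_header):
    """Recog-style match of an HTTP Server header to a release, or None."""
    m = BANNER_RE.match(server_header.strip())
    return IIS_TO_SERVER.get(m.group(1)) if m else None

def is_supported(release, observed_on):
    """Supported on observed_on if that date is not past the release's EOL."""
    return observed_on <= END_OF_SUPPORT[release]

def tally_by_country(observations, observed_on):
    """observations: (country, server_header) pairs from a scan.
    Returns {country: (supported, unsupported, supported - unsupported)};
    hosts whose banner cannot be mapped are skipped rather than guessed."""
    counts = defaultdict(lambda: [0, 0])
    for country, header in observations:
        release = fingerprint(header)
        if release is None:
            continue
        counts[country][0 if is_supported(release, observed_on) else 1] += 1
    return {c: (s, u, s - u) for c, (s, u) in counts.items()}

# Constructed sample scan records, not Sonar data.
SAMPLE = [
    ("US", "Microsoft-IIS/7.5"), ("US", "Microsoft-IIS/7.0"),
    ("US", "Microsoft-IIS/10.0"), ("US", "nginx/1.18.0"),
    ("PL", "Microsoft-IIS/8.5"), ("PL", "Microsoft-IIS/10.0"),
    ("PL", "Microsoft-IIS/6.0"), ("CN", "Microsoft-IIS/7.5"),
]
```

Running `tally_by_country(SAMPLE, OBSERVED_ON)` yields a negative difference for the constructed US and CN records and a positive one for PL, mirroring the per-country comparison the post describes; the nginx host is dropped because no Windows release can be inferred from it.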