The end-of-life (EOL) dates for Microsoft's operating systems are set many years in advance, but this doesn't stop people and businesses from continuing to use unsupported software. Windows XP reached the end of its life on April 8, 2014 and is still being used by millions of consumers and businesses, despite the fact that any newly discovered vulnerabilities are no longer fixed.
Unfortunately, the Windows Server 2003 situation is perhaps more severe. This old server operating system hit end-of-life (EOL) status last month, but the latest market share statistics from Netcraft reveal that about 175 million websites, or roughly 20 percent of those surveyed, are still running Windows Server 2003!
The total number of servers running Windows Server 2003 is estimated to be around 609,000, which accounts for 10 percent of web-facing servers. Many of these vulnerable servers are located in China and the US, and Netcraft notes clients include hundreds of banking websites.
A portion of those websites aren't being run atop IIS 6.0 (Server 2003's default web server software), but that may be of little help—any new security vulnerabilities in the underlying operating system will probably go unfixed. Some companies may have extended support contracts with Microsoft, but those likely account for a small portion of the installed base.