NEARLY HALF of English councils are using server software that is no longer supported.
That’s according to a new study by Comparex using data obtained under the Freedom of Information Act which found that 46 per cent of councils are using Windows Server 2000, Windows 2003 or Microsoft SQL Server 2005.
All three products have long exceeded their Extended Support date and are therefore not being maintained with bug fixes or security updates by makers Microsoft.
Although the vast majority (between 88 and 94 per cent, depending on product) say that they intend to upgrade inside two years, by using such outdated software in the meantime, they continue to run the gauntlet of potential zero-day vulnerabilities with the power to bring down the entire infrastructure of the council.
Chris Bartlett, business unit director of Public Sector at Comparex, said: “The FoI data suggests that matters are slowly improving, as separate FoI requests to London Borough Councils back in 2016 showed that 70 per cent were running unsupported server software.
“However, with GDPR now in effect, councils need to be even more cognisant of vulnerabilities – especially considering the volume of citizen data they hold. With that in mind, it is important that risks are managed, and councils establish an upgrade strategy.”
A bigger ticking time bomb awaits. The study showed that 94 per cent of respondents use Windows Server 2008 or SQL Server 2008. Both reach EOL in the next two years and only between 9 per cent (SQL) and 13 per cent (Server) are paying for extended support.
The problem is a new spin on an old issue. With the NHS and Metropolitan Police amongst the organisations that have been slow to upgrade their machines from the long-dead Windows XP, the issue is as crucial from the server room as it is for the end user.
For them, an even bigger time bomb is on the way. Windows 7 reaches End-of-Life in 2020, meaning nearly half of Windows machines will become vulnerable, and so far, there’s very little being done about it.
Windows XP is still used by around 5 per cent of machines. μ
Source : Inquirer