A third of London boroughs 'fess to running unsupported server software
It is not alone: Sheffield, Rotherham and Sandwell admit to using Windows Server 2000
A third of London councils and more than a quarter of England's metropolitan authorities have admitted to using unsupported server software – and three are still running Windows Server 2000.
The figures were revealed under a Freedom of Information request that asked the councils which of the following they ran anywhere in their IT infrastructure: Windows Server 2000, 2003 and 2005; and Microsoft SQL Server 2005 and 2008.
The results show that 10 of the 32 borough councils in the UK's capital still use at least one of Windows Server 2003 and Microsoft SQL Server 2005 – both of which are now out of extended support.
The same was true for seven of the 36 metropolitan borough councils in England. A further three – Rotherham, Sandwell and Sheffield – 'fessed up to also running Windows Server 2000, which Microsoft stopped offering extended support in 2010 (although the trio did say they ran all five of the systems listed, so we can always live in hope).
The FoI – a glorified sales pitch – was sent out by IT reseller Comparex, which talked up warned of security risks of running unsupported systems, pointing to the fact there are 150 known vulnerabilities for Windows Server 2003.
"By continuing to run out-of-date server software, many councils are exposing themselves to a host of security and compliance risks," said Chris Bartlett, business unit director for the public sector at Comparex.
Some Reg readers may disagree. It depends what purpose the servers are used for.
Bartlett added that councils that are "delaying upgrades for fear of the potential cost and disruption... can no longer afford to stick their heads in the sand – they should be looking to upgrade as soon as possible".
Bartlett did acknowledge, though, that some councils were migrating, as a similar request to the London boroughs in 2016 found 70 per cent running unsupported server software.
In addition, all of the London and Metropolitan borough councils running the unsupported software said they planned to upgrade in the next one or two years.
However, the request also revealed that councils were cutting costs by not paying for extended support even when it was available.
Seventeen London councils said they were running Windows Server 2008, and 18 said they were running Microsoft SQL Server 2008. Both are now out of mainstream support, but only one council – Bromley – said it was paying for extended support.
Similarly, just two of the 21 Metropolitan borough councils that said some of their servers were running Windows Server 2008 said they had purchased extended support for it: Manchester and Calderdale.
The same two councils were also the only ones of 21 running SQL Server 2008 to have paid for extended support.
In addition to the Metropolitan and London borough councils, Comparex also submitted requests the 27 County councils, taking the total number of local authorities surveyed to 95.
Overall, it found that 46 per cent of the respondents were using one or more of Windows Server 2000, Windows Server 2003 or Microsoft SQL Server 2005.
Almost all of the 24 per cent that admitted they were running the 2000 or 2003 versions said they planned to upgrade in the next two years.
It's also worth noting that Somerset County Council was the only local authority that reported running only unsupported server software (in the form of Windows Server 2003).
And of course, the councils are not alone in their sluggish pace to upgrade – earlier this year, the Department for Homeland Security was admonished for using Windows Server 2003 after Microsoft's July 2015 discontinuation of support. ®
Sponsored: Becoming a Pragmatic Security Leader