icetray - Fotolia
The FoI request, carried out by IT services company Comparex, received 81 complete or partial responses from London borough, metropolitan and county councils in England. It found that many councils are using server software that is out of extended support and no longer receiving security patches.
Overall, almost half (46%) of the authorities are still using one or more of Windows Server 2000, 2003 or Microsoft SQL Server 2005.
Almost a quarter of the councils that responded to the FoI request said they were still running Windows Server 2000 or 2003, and 38% said they were running Microsoft SQL Server 2005.
Comparex also discovered that very few councils are paying for extended support, which means many are vulnerable to security and compliance risks.
Some 94% of the councils said they were also currently running Windows Server 2008, and the same number said they were running Windows SQL Server 2008. Both products are already out of mainstream support, with extended support ending in the next two years.
Just 13% of the authorities said they were currently paying for extended support for Windows Server 2008, and 9% were paying for extended support for Windows SQL Server 2008.
Comparex said the FoI data shows councils are leaving themselves open to security vulnerabilities and expensive extended support costs.
The firm warned that malware developers and cyber criminals closely track vulnerabilities in out-of-date software and work backwards to exploit them. For example, Windows Server 2003 currently has nearly 150 known significant vulnerabilities, said Comparex.
Read more about patching
Chris Bartlett, business unit director, public sector, at Comparex UK, said: “Many councils may also be delaying upgrades for fear of the potential cost and disruption they might incur. But councils can no longer afford to stick their heads in the sand – they should be looking to upgrade as soon as possible
“Only a handful of councils are currently paying for extended support, and it appears that most are either unaware or are simply ignoring the risks of using unsupported software. Councils need more detailed insight and greater visibility into their software estates, so they can make better-informed upgrade decisions.”