Windows Server 2003 support expires at 11:59:59pm, 14th July 2015. Which, no matter where you are in the world, is less than 48 hours from now.
Tomorrow will be the last time that Microsoft releases publicly available software updates for Windows Server 2003 and Windows Server 2003 R2. The only way that you’ll be able to get software updates after tomorrow is if you’ve got a custom support agreement with Microsoft.
If next month an exploit that works against Windows Server 2003, 2003 R2, Windows Server 2008, 2008 R2,and 2012 R2 becomes publicly disclosed, Microsoft will only be releasing updates for Windows Server 2008, 2008 R2, Server 2012, and Server 2012 R2. If you’re running Server 2003, you’ll be taking your chances.
Organizations that haven’t upgraded and don’t have a support agreement in place are taking their chances. They are assuming that they’ll be able to upgrade before bad things happen. It’s easy just to think of those bad things as nasty people on the internet using exploits to compromise servers running Server 2003, but bad things also come in the form of compliance audits where organizations are found to not have met their compliance obligations because they are running an unsupported operating system.
Current estimates place the number of computers still running Server 2003 in the millions. Even with Microsoft shouting from the rooftop about end of support, it’s been issues around software compatibility and hardware attrition, and compliance that have driven more upgrades than a concern about servers being vulnerable to an exploit that will never be patched.