Sep 14, 2021, 02:54 am
More than two million web servers worldwide are still running on outdated and vulnerable versions of Microsoft Internet Information Services (IIS) software according to research from CyberNews.
With 12.4 percent of the market worldwide IIS is the third-most-popular suite of web server software, used to power at least 51.6 million websites and web applications.
However, older IIS versions from 7.5 downwards are no longer supported by Microsoft. And as with other types of outdated server software, all legacy versions of Microsoft IIS suffer from numerous critical security vulnerabilities, making them an attractive target for threat actors.
CyberNews researchers used an IoT search engine to look for open unpatched IIS web servers that were susceptible to known CVEs. After filtering out honeypots -- decoy systems used by security teams -- they found 2,033,888 vulnerable servers. Since servers that host public websites must be publicly accessible to function, they are also broadcasting their outdated IIS versions for everyone to see.
Mainland China tops the list of vulnerable server locations with 679,941 exposed instances running legacy versions of IIS. With 581,708 unprotected servers the US come second, followed by Hong King with 203,786.
The full research can be viewed here:
https://cybernews.com/security/millions-...-software/
https://betanews.com/2021/09/09/two-mill...-software/
With 12.4 percent of the market worldwide IIS is the third-most-popular suite of web server software, used to power at least 51.6 million websites and web applications.
However, older IIS versions from 7.5 downwards are no longer supported by Microsoft. And as with other types of outdated server software, all legacy versions of Microsoft IIS suffer from numerous critical security vulnerabilities, making them an attractive target for threat actors.
CyberNews researchers used an IoT search engine to look for open unpatched IIS web servers that were susceptible to known CVEs. After filtering out honeypots -- decoy systems used by security teams -- they found 2,033,888 vulnerable servers. Since servers that host public websites must be publicly accessible to function, they are also broadcasting their outdated IIS versions for everyone to see.
Quote:"This means that running these servers on visibly vulnerable software is tantamount to extending an invitation to threat actors to infiltrate their networks," says CyberNews security researcher Mantas Sasnauskas.
Mainland China tops the list of vulnerable server locations with 679,941 exposed instances running legacy versions of IIS. With 581,708 unprotected servers the US come second, followed by Hong King with 203,786.
The full research can be viewed here:
https://cybernews.com/security/millions-...-software/
https://betanews.com/2021/09/09/two-mill...-software/