There Are Over 2 Million Vulnerable Microsoft Web Servers Online

  • Millions of Microsoft IIS servers were found to be vulnerable to multiple flaws that aren’t going to be fixed.
  • These systems are running internet services software that has been deprecated so it doesn’t receive updates anymore.
  • Most vulnerable deployments are in China, possibly due to over-reliance on pirated copies of Windows.

Cybersecurity agencies may be promoting “best security practices,” nations are investing in training and bolstering programs, and network security organizations are calling for the adoption of “zero-trust” systems. Still, when considering how many companies and admins are using legacy, unsupported software, it all looks as if it’s done in vain. According to research by CyberNews, over two million web servers worldwide are running an outdated and vulnerable version of Microsoft Internet Information Services (IIS) software, and this is only a snapshot of the situation focusing on a specific product.

IIS has a market share of 12.4% in the web server software field, and it’s used by 51.6 million websites and web apps. Version 7.5 and all older versions are no longer supported by the company, so the vulnerabilities they carry remain unpatched and can be exploited by malicious actors. In most cases, these flaws have been documented, and exploits and proof-of-concept (PoC) code have been published. As such, crooks don’t even have to dig much or write any code themselves, as hitting these old versions is a matter of sourcing the right tools.

For context, IIS 7.5 was released with Windows 7 all the way back in 2010, and support for it ended in January 2020. So, all the vulnerable systems that CyberNews investigators found online haven’t been updated for over a decade. The two countries with the most vulnerable IIS servers are China and the U.S., with Hong Kong, South Korea, and Germany following behind with notable numbers too.

Source: CyberNews

A possible explanation is that most of these vulnerable deployments rely on pirated copies of Microsoft Windows, used by admins who don’t know how to maintain them and don’t care about upgrading their IIS tools. Many pirated versions of Windows cannot be upgraded at all, as they have the relevant module disabled. In China, there are almost no compliance regulations to underpin software deployment, leading to situations like this one.


Most of the vulnerable systems run IIS version 7.5, a notable number run 6.0 (released in Windows XP), and some run version 7.0, which is the most vulnerable branch of all, counting 17 known vulnerabilities. Version 7.5 has five documented flaws, more than enough to give hackers a handle on the systems.
