Cybersecurity researchers at CyberNews have identified that over 2 million web servers are powered by outdated and vulnerable versions of Microsoft Internet Information Services (IIS).
In the experts' view, Microsoft no longer supports the legacy IIS versions, so threat actors can easily compromise them to inject all kinds of malware.
Depending on the nature of the website, this can also include login and payment information. According to the reports, Microsoft IIS is the third most popular web server in the world, powering over 50 million websites with a market share of just 12%.
2 Million Microsoft IIS Servers are Exposed to Threat Actors
During the Microsoft investigation, it was identified that 7335868 potentially vulnerable web servers across the world are running legacy versions of IIS.
Of these, 72% of the servers were honeypots, and it was discovered that more than 2 million of the instances were actually running vulnerable software that Microsoft no longer supports.
Web servers that host public websites have to be publicly accessible to function, but these servers are also broadcasting their outdated IIS versions. Threat actors are aware of the vulnerabilities in those versions, so the broadcast version gives them useful data for attacking their target.
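A defender can check their own servers for the version broadcast described above. The following is an added example, not code from the researchers or from Microsoft: it parses captured HTTP response heads from hosts you operate and flags legacy IIS banners and other version-disclosing headers. The host names, sample responses, and the `MIN_SUPPORTED` cutoff are assumptions made for illustration.

```python
import re

# Assumption (not from the article): versions below this count as legacy.
MIN_SUPPORTED = (10, 0)
BANNER_RE = re.compile(r"^Microsoft-IIS/(\d+)\.(\d+)$", re.IGNORECASE)
# Response headers that commonly disclose stack versions on IIS hosts.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def parse_headers(raw):
    """Parse a raw HTTP response head into a dict with lowercase names."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(host, raw):
    """Report the broadcast IIS version and which disclosure headers are set."""
    headers = parse_headers(raw)
    finding = {
        "host": host,
        "iis_version": None,
        "legacy": False,
        "disclosed": sorted(h for h in DISCLOSURE_HEADERS if h in headers),
    }
    match = BANNER_RE.match(headers.get("server", ""))
    if match:
        version = (int(match.group(1)), int(match.group(2)))
        finding["iis_version"] = "%d.%d" % version
        finding["legacy"] = version < MIN_SUPPORTED
    # A missing banner only means the version is hidden, not that it is patched.
    return finding

# Constructed sample responses (hypothetical hosts from your own inventory).
SAMPLES = {
    "old.example.internal": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n"
                            "X-Powered-By: ASP.NET\r\n\r\n<html>",
    "new.example.internal": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n\r\n",
    "quiet.example.internal": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for host, raw in SAMPLES.items():
        print(audit(host, raw))
```

Hosts flagged `legacy` need an upgrade of the underlying Windows Server release; removing the banner alone only hides the version.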
Most Vulnerable IIS Web Servers Are Located in China
China is at the top of the list of vulnerable server locations, with 679941 exposed instances running the legacy version of IIS. As per Andrew Useckas, the reason for China’s first position could be the country’s lax stance on software privacy.
The main reason there are so many Microsoft IIS servers in China is that they are easier to install and the licensing cost is not an issue. According to Ben Carr, CISO of Qualys, the process is still developing in China, and there will be more compliance and security guidance with time.
Most Vulnerable IIS Version
At present, there are at least five known vulnerabilities that affect every single legacy version of Microsoft IIS. Threat actors can easily exploit them, as most of them are critical in nature.
However, the most vulnerable version of Microsoft IIS is version 7.2, and there are 47620 legacy instances running version 7.0.
Keep your Software up to Date
If you want to keep your software safe and virus-free, then keeping it up to date is a good idea. It isn’t an easy task, but it’s worth it. Many web developers have to juggle multiple responsibilities at the same time, and keeping their software up to date might not be on their priority list.
Moreover, developers need to start developing hand in hand with security professionals and keeping up with system updates; this includes areas like IT management, fixing code, updating systems, etc.