According to the latest research report published by the market research agency CyberNews, more than 2 million web servers worldwide are still running outdated, attack-prone versions of Microsoft Internet Information Services (IIS). IIS holds 12.4% of the global market and is the third most popular web server software suite, supporting at least 51.6 million websites and web applications.
However, IIS versions earlier than 7.5 are no longer supported by Microsoft. Like other types of outdated server software, all legacy versions of Microsoft IIS carry many critical security vulnerabilities, making them an attractive target for threat actors.
CyberNews researchers used an Internet of Things search engine to find unpatched IIS web servers that are vulnerable to known CVEs. After filtering out honeypots (decoy systems set up by security teams), they found 2,033,888 vulnerable servers. Since servers hosting public websites must be publicly reachable to do their job, they are also broadcasting their outdated IIS version for everyone to see.
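The same banner exposure works in a defender's favour: an asset-inventory job can read the `Server` header that IIS returns and flag any host below the 7.5 support threshold the report cites. The following is an added example, not code from CyberNews or the report; the host names and HTTP responses are constructed, and the header block is parsed separately from the body so that stray text in a page cannot spoof a finding.

```python
import re
from typing import Dict, List, Optional, Tuple

# Threshold taken from the report: IIS releases earlier than 7.5 are unsupported.
MIN_SUPPORTED: Tuple[int, int] = (7, 5)

# Matches a Server header such as "Server: Microsoft-IIS/7.0" (case-insensitive).
SERVER_RE = re.compile(r"^Server:\s*Microsoft-IIS/(\d+)\.(\d+)\s*$",
                       re.IGNORECASE | re.MULTILINE)


def iis_version(raw_response: str) -> Optional[Tuple[int, int]]:
    """Return the (major, minor) IIS version advertised in an HTTP response.

    Only the header block (everything before the first blank line) is inspected,
    so a look-alike string inside the HTML body is ignored. Returns None when
    the response does not advertise IIS at all.
    """
    headers = raw_response.split("\r\n\r\n", 1)[0]
    match = SERVER_RE.search(headers)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def is_unsupported_iis(raw_response: str) -> bool:
    """True when the response advertises an IIS version below MIN_SUPPORTED.

    Versions are compared as integer tuples, not strings, so 10.0 is correctly
    ranked above 7.5 (a plain string comparison would get this wrong).
    """
    version = iis_version(raw_response)
    return version is not None and version < MIN_SUPPORTED


# Constructed sample responses for hypothetical internal hosts (not real captures).
SAMPLES: Dict[str, str] = {
    "legacy-app.example.internal": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nContent-Length: 0\r\n\r\n",
    "intranet.example.internal": "HTTP/1.1 200 OK\r\nserver: microsoft-iis/7.0\r\n\r\n",
    "files.example.internal": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n\r\n",
    "portal.example.internal": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n\r\n",
    "www.example.internal": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<p>Server: Microsoft-IIS/5.0</p>",
}


def audit(samples: Dict[str, str]) -> List[str]:
    """Return the sorted list of hosts whose responses advertise unsupported IIS."""
    return sorted(host for host, resp in samples.items() if is_unsupported_iis(resp))
```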
CyberNews security researcher Mantas Sasnauskas said: "This means that running these servers on obviously vulnerable software is equivalent to an invitation to threat actors to infiltrate their networks." At present, there are 679,941 exposed instances running legacy versions of IIS in China, which ranks first among vulnerable server locations. The United States has 581,708 unprotected servers, ranking second.
Andrew Useckas, CTO of ThreatX, said: "The reason why there are so many servers running older versions of IIS in China is that they are easier to install than Linux servers and because the use of pirated versions bypasses the license fee. And these users who install pirated versions also don't know how to do maintenance, let alone upgrade."