Over two million web servers still running on vulnerable legacy software
More than two million web servers worldwide are still running on outdated and vulnerable versions of Microsoft Internet Information Services (IIS) software, according to research from CyberNews.
With 12.4 percent of the market worldwide, IIS is the third-most-popular suite of web server software, used to power at least 51.6 million websites and web applications.
However, older IIS versions from 7.5 downwards are no longer supported by Microsoft. And as with other types of outdated server software, all legacy versions of Microsoft IIS suffer from numerous critical security vulnerabilities, making them an attractive target for threat actors.
CyberNews researchers used an IoT search engine to look for open unpatched IIS web servers that were susceptible to known CVEs. After filtering out honeypots -- decoy systems used by security teams -- they found 2,033,888 vulnerable servers. Since servers that host public websites must be publicly accessible to function, they are also broadcasting their outdated IIS versions for everyone to see.
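The same version-exposure problem can be turned into a defensive inventory check. The following is an added example, not CyberNews' tooling or Microsoft's; it assumes the IIS version is revealed in the HTTP `Server` response header (the article does not say which fingerprint the researchers used) and runs over constructed sample responses for hypothetical internal hosts, flagging anything at the article's "7.5 and below" end-of-support threshold.

```python
import re

# The article describes IIS versions "from 7.5 downwards" as unsupported.
UNSUPPORTED_MAX = (7, 5)

# Matches a header line such as "Server: Microsoft-IIS/7.5" (assumed fingerprint).
SERVER_RE = re.compile(
    r"^Server:\s*Microsoft-IIS/(\d+)\.(\d+)\s*$", re.IGNORECASE | re.MULTILINE
)


def iis_version(raw_headers: str):
    """Return (major, minor) parsed from a Microsoft-IIS Server header, else None."""
    m = SERVER_RE.search(raw_headers)
    if not m:
        return None
    # Compare as integer tuples: a string comparison would rank "10.0" below "7.5".
    return (int(m.group(1)), int(m.group(2)))


def classify(host: str, raw_headers: str) -> dict:
    """Label one host as unsupported, supported, or not identifiable as IIS."""
    ver = iis_version(raw_headers)
    if ver is None:
        status = "not-iis-or-version-hidden"
    elif ver <= UNSUPPORTED_MAX:
        status = "unsupported"
    else:
        status = "supported"
    return {"host": host, "version": ver, "status": status}


# Constructed sample responses for hypothetical hosts (not real captures).
SAMPLES = {
    "intranet-old.example": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nContent-Length: 0\r\n\r\n",
    "portal.example": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n\r\n",
    "www.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}


def audit(samples=SAMPLES):
    """Classify every sampled host; unsupported entries are the patch/retire list."""
    return [classify(host, raw) for host, raw in samples.items()]


if __name__ == "__main__":
    for row in audit():
        print(row)
```

A host reported as "not-iis-or-version-hidden" still needs confirmation from the asset inventory, since hiding the header does not make an old version supported.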
"This means that running these servers on visibly vulnerable software is tantamount to extending an invitation to threat actors to infiltrate their networks," says CyberNews security researcher Mantas Sasnauskas.
Mainland China tops the list of vulnerable server locations with 679,941 exposed instances running legacy versions of IIS. With 581,708 unprotected servers, the US comes second, followed by Hong Kong with 203,786.
"The reason why there are so many Microsoft IIS servers in China is the same reason why there are so many of them in Russia. It's easier to install than Linux servers, and license costs are of no issue since these are mostly bootleg versions of Windows," says Andrew Useckas, CTO at ThreatX. "Of course, it's typical that the people who install these pirated versions have no idea how to maintain them and could not be bothered to upgrade them."
You can see the full research on the CyberNews site.