• Millions of Microsoft servers are running on vulnerable legacy so

    From TechnologyDaily@1337:1/100 to All on Thu Sep 9 16:30:03 2021
    Millions of Microsoft servers are running on vulnerable legacy software

    Date:
    Thu, 09 Sep 2021 15:07:21 +0000

    Description:
    Unmaintained versions of IIS power over two million genuine web servers,
    claim security researchers.

    FULL STORY ======================================================================

    Researchers from CyberNews say they have identified over two million web servers powered by outdated, unmaintained, and vulnerable versions of the Microsoft Internet Information Services (IIS) web server.

    According to the researchers, since the legacy IIS versions are no longer supported by Microsoft, threat actors can easily compromise them to inject all kinds of malware, and even exfiltrate visitors' data, which could include login and payment information, depending on the nature of the website it powers.

    Microsoft IIS is reportedly the third most-popular web server in the world, powering over 50 million websites for a market share of just over 12%.

    While Microsoft keeps the newer versions relatively safe by releasing security updates and vulnerability hotfixes, older IIS versions from 7.5 downwards are no longer supported by the company. And like other types of outdated server software, all legacy versions of Microsoft IIS suffer from numerous critical security vulnerabilities, CyberNews explained.

    Outdated servers galore

    Armed with this information, CyberNews researchers identified five different IIS versions and subversions that weren't maintained and had publicly known vulnerabilities.

    It then searched for these vulnerable IIS installations, and while a majority turned out to be honeypots, over two million were found serving genuine use cases.

    While all legacy IIS versions were susceptible to attacks, version 7.0 with
    17 known vulnerabilities emerged as the most harmful. Surprisingly, it was found running on over 47,000 web servers.

    Upon further investigation, with more than 679,000 vulnerable IIS servers, China emerged as the country with the highest number of susceptible installations. Surprisingly though, the US with over 581,000 unprotected IIS servers wasn't far behind in second place.

    CyberNews security researcher Mantas Sasnauskas believes the situation is further aggravated by the fact that the web servers that host public websites would also be broadcasting their outdated IIS versions for everyone to see.

    This means that running these servers on visibly vulnerable software is tantamount to extending an invitation to threat actors to infiltrate their networks, Sasnauskas sums up.



    ======================================================================
    Link to news story: https://www.techradar.com/news/millions-of-microsoft-web-servers-are-running-on-vulnerable-legacy-software/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
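
The story's point that public servers advertise their IIS version can be turned into a self-audit of hosts you operate. The Python below is an added example, not part of the original story or of CyberNews' research; the host names and header values are constructed, and the 7.5 cut-off is the one the article states.

```python
import re

# Cut-off taken from the article: IIS 7.5 and older are no longer supported.
LAST_UNSUPPORTED = (7, 5)
IIS_BANNER = re.compile(r"Microsoft-IIS/(\d+)(?:\.(\d+))?", re.IGNORECASE)


def classify_server_header(value):
    """Return (status, version) for one Server header value.

    status is one of: 'unsupported', 'supported-but-exposed',
    'not-iis', 'no-banner'.
    """
    if not value or not value.strip():
        return ("no-banner", None)
    m = IIS_BANNER.search(value)
    if m is None:
        return ("not-iis", None)
    version = (int(m.group(1)), int(m.group(2) or 0))
    if version <= LAST_UNSUPPORTED:
        return ("unsupported", version)
    # Supported release, but the banner still tells everyone the version.
    return ("supported-but-exposed", version)


def audit(inventory):
    """Map each host to its classification; inventory is {host: headers dict}."""
    report = {}
    for host, headers in inventory.items():
        # HTTP header names are case-insensitive.
        server = next((v for k, v in headers.items() if k.lower() == "server"), None)
        report[host] = classify_server_header(server)
    return report


# Constructed sample: response headers already collected from hosts you own.
SAMPLE_INVENTORY = {
    "intranet-old.example": {"Server": "Microsoft-IIS/7.0", "X-Powered-By": "ASP.NET"},
    "files.example": {"server": "Microsoft-IIS/7.5"},
    "shop.example": {"Server": "Microsoft-IIS/10.0"},
    "blog.example": {"Server": "nginx"},
    "api.example": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for host, (status, version) in sorted(audit(SAMPLE_INVENTORY).items()):
        label = ".".join(map(str, version)) if version else "-"
        print(f"{host:22} IIS {label:5} {status}")
```

Hosts reported as `unsupported` need an upgrade to a maintained IIS release; hiding the banner alone leaves the underlying vulnerabilities in place.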