
Security researchers have mapped over half a million publicly exposed Windows web servers running end-of-life Internet Information Services (IIS) software. Nearly half of the servers outlasted even Microsoft’s last resort – the paid Extended Security Updates (ESU) program.
Shadowserver Foundation, a nonprofit organization that performs internet-wide scans and helps protect the web, reports that it has identified 511,000 Microsoft IIS servers that have reached end-of-life and are potentially vulnerable.
Most of these servers are in China, with 137,959 instances, while the US is a close second, with 119,472 outdated servers exposed, the data shows.
Hong Kong, France, Germany, the United Kingdom, Canada, South Korea, Taiwan, and Italy each have over 10,000 EOL servers, with thousands more in other countries.
IIS is a web server developed by Microsoft for hosting websites, services, and applications on the Windows NT family. Like Apache or Nginx, IIS typically handles incoming requests and serves content to users.
It is an optional component of Windows that follows the same lifecycle as the Windows operating system running it, suggesting the underlying operating systems are likely outdated as well.
Nearly half of the exposed servers, 227,000 instances, have already passed the official ESU period.
“Needless to say, these should be updated or replaced,” Piotr Kijewski, CEO at Shadowserver Foundation, said.
Windows 10 reached end of support in October last year, and millions of systems continue running it without any recent updates.
The Cybersecurity and Infrastructure Security Agency (CISA) and other cyber authorities have been urging organizations to properly manage the lifecycle of edge devices and safeguard vulnerable systems.
Threat actors routinely exploit discovered vulnerabilities to attack web servers and edge devices, such as load balancers, firewalls, routers, and virtual private networks.