ADVERTISEMENT

Millions of Microsoft web servers powered by vulnerable legacy software

Microsoft web servers run vulnerable software
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Sep 9, 2021 Updated: 28 September 2021 6 min read
  • Millions of Microsoft web servers are running on unsupported and vulnerable versions of IIS
  • More than a million still use an IIS version that had been discontinued by Microsoft last year
  • Most servers are located in Asia and North America

How we collected and analyzed the data

2 million Microsoft IIS servers are vulnerable to threat actors

Vulnerable IIS servers online
“This means that running these servers on visibly vulnerable software is tantamount to extending an invitation to threat actors to infiltrate their networks.”
- CyberNews security researcher Mantas Sasnauskas

Most vulnerable IIS web servers are located in China

Vulnerable server locations
ADVERTISEMENT

The most vulnerable IIS version

Most vulnerable Microsoft IIS versions

1.4 million vulnerable servers run IIS version 7.5

Top IIS versions by vulnerable servers

Keep your software up to date: it’s worth the hassle

“The biggest piece of advice? Patch your stuff, so you won’t be sorry.”
- Think Systems senior executive advisor John Riganati
ADVERTISEMENT