Threat Management, Threat Intelligence, Security Operations, SOC

Internet-exposed EoL Microsoft IIS servers remain prevalent

Warsaw, Poland - August 24, 2024: Microsoft logo on company head

More than 511,000 Microsoft Internet Information Services servers that have reached end-of-life remain online, nearly 50% of which have outlived the official Microsoft Extended Security Updates period, Cybernews reports.

China and the U.S. accounted for most of the outdated servers, while Canada, France, Germany, Italy, the UK, Taiwan, South Korea, and Hong Kong had more than 10,000 EOL servers each, findings from The Shadowserver Foundation revealed.

"Needless to say, these should be updated or replaced," said Shadowserver CEO Piotr Kijewski.

Attacks frequently target edge devices and web servers, including virtual private networks, load balancers, routers, and firewalls by taking advantage of discovered flaws. The Cybersecurity and Infrastructure Security Agency and other authorities have recommended the proper management of life cycles and protection of susceptible systems.

Researchers noted that the servers are an optional component of the operating system, and being at the end of life could also mean that the underlying OS are also past their life cycles. IIS hosts Windows NT family websites, applications, and services. It provides users with content and manages incoming requests, much like Nginx or Apache.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds