Vulnerabilities · HIGH

Vulnerabilities - Internet-exposed EoL Microsoft IIS Servers Persist

SC Media

Tags: Microsoft IIS, end-of-life, Cybersecurity and Infrastructure Security Agency, Shadowserver Foundation, vulnerabilities

Basically, many outdated Microsoft servers are still online, making them easy targets for hackers.

Quick Summary

Over 511,000 outdated Microsoft IIS servers are still online, posing high risks, especially in the U.S. and China. Urgent updates or replacements are necessary to protect against attacks.

The Flaw

More than 511,000 Microsoft Internet Information Services (IIS) servers are still online despite having reached their end-of-life (EoL). This is alarming, as nearly half of these servers have surpassed the official Extended Security Updates period provided by Microsoft. The Shadowserver Foundation reported that the majority of these outdated servers are located in China and the U.S., with several other countries like Canada, France, Germany, and the UK also hosting significant numbers. These servers are critical components for hosting websites and applications but are now vulnerable due to lack of updates.

What's at Risk

The presence of these EoL servers poses a high risk to organizations and their data. Attackers frequently exploit vulnerabilities in outdated systems, targeting edge devices and web servers. The Cybersecurity and Infrastructure Security Agency (CISA) has warned that these vulnerable systems can lead to severe breaches and data exposure. As many of these servers may also be running outdated operating systems, the risk multiplies, making them easy prey for cybercriminals.

Patch Status

Currently, many of these servers are not receiving the necessary patches or updates. Once a product reaches its EoL, it is no longer supported by the vendor, meaning no security updates are issued. This situation leaves organizations exposed to various threats, including malware and ransomware attacks. Experts, including Shadowserver CEO Piotr Kijewski, emphasize the need for immediate action to update or replace these outdated systems to mitigate risks.

Immediate Actions

Organizations must take proactive steps to address the vulnerabilities posed by these EoL servers. Here are some recommended actions:

  • Conduct an inventory of all IIS servers in use and identify those that are EoL.
  • Update or replace any outdated servers as soon as possible.
  • Implement security measures such as firewalls and intrusion detection systems to protect exposed servers.
  • Educate staff about the risks associated with using unsupported software.

Taking these steps can significantly reduce the chances of a successful cyberattack and protect sensitive data.
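For the inventory step above, the following added example (not from the original article or from Shadowserver) sorts hosts you own by the IIS version in their HTTP `Server` header into supported, ESU-only, and past-ESU groups. The lifecycle dates, status names and sample hosts are assumptions made for this illustration; check the dates against Microsoft's lifecycle pages.

```python
import re
from datetime import date
# IIS banner version -> (Windows Server release, end of extended support,
# end of on-premises ESU or None). Dates are assumptions from Microsoft's
# published lifecycle; confirm them before acting on the result.
LIFECYCLE = {
    "6.0": ("Windows Server 2003", date(2015, 7, 14), None),
    "7.0": ("Windows Server 2008", date(2020, 1, 14), date(2023, 1, 10)),
    "7.5": ("Windows Server 2008 R2", date(2020, 1, 14), date(2023, 1, 10)),
    "8.0": ("Windows Server 2012", date(2023, 10, 10), date(2026, 10, 13)),
    "8.5": ("Windows Server 2012 R2", date(2023, 10, 10), date(2026, 10, 13)),
}
BANNER = re.compile(r"Microsoft-IIS/(\d+\.\d+)", re.IGNORECASE)

def classify(server_header, today):
    """Return (status, detail) for one HTTP Server header value."""
    match = BANNER.search(server_header or "")
    if not match:
        # Header stripped or another product: the banner proves nothing.
        return ("no-iis-banner", "check the host directly")
    version = match.group(1)
    if version not in LIFECYCLE:
        # IIS 10.0 ships with several Windows Server releases, so the
        # banner cannot date the OS; other versions are unmapped here.
        return ("verify-os", f"IIS {version}")
    release, support_end, esu_end = LIFECYCLE[version]
    if today <= support_end:
        return ("supported", release)
    if esu_end and today <= esu_end:
        return ("eol-esu-only", release)
    return ("eol-no-updates", release)

def audit(inventory, today):
    """Group hostnames by status from (hostname, server_header) pairs."""
    report = {}
    for host, header in inventory:
        report.setdefault(classify(header, today)[0], []).append(host)
    return report

# Constructed sample inventory: hostnames and banners are invented.
SAMPLE = [
    ("web01.example.internal", "Microsoft-IIS/7.5"),
    ("web02.example.internal", "Microsoft-IIS/8.5"),
    ("web03.example.internal", "Microsoft-IIS/10.0"),
    ("web04.example.internal", "Microsoft-IIS/6.0"),
    ("web05.example.internal", None),
]
if __name__ == "__main__":
    print(audit(SAMPLE, date(2026, 1, 1)))
```

Hosts that land in `verify-os` or `no-iis-banner` need an on-host check of the Windows build, since a banner can be removed or can map to more than one release.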

🔒 Pro insight: The prevalence of EoL IIS servers highlights a critical gap in cybersecurity hygiene, necessitating immediate remediation efforts to prevent exploitation.

Original article from SC Media
