Over 2 million Windows servers were found to be running legacy versions of IIS. This potentially allows hackers to execute code on business servers, which can expose and allow access to company data.
Microsoft Windows is one of the most used operating system in business environments. Naturally IT administrators gravitate to Microsoft Internet Information Services (IIS) as it is built directly within the operating system. This lead to IIS being the third most popular suite of web server software. IIS is used to host at least 51.6 web applications online, consisting of E-Commerce platforms and online portals to email servers.
Due to these systems being critical to business operations, many businesses neglect to perform full IIS upgrades and only push small security updates. This negates some of the smaller vulnerabilities in the IIS version, but cannot remediate the root level issues with outdated IIS versions.
Leaving businesses to hope hackers don’t have a field day with their data as well as their clients’ data.
Over 2 million Microsoft IIS servers are vulnerable
Over 7 million servers were found to be running susceptible IIS versions. However, 72% of them were managed and maintained by security researchers who use the vulnerable servers as honeypots to lure in bad actors.
The over 2 million vulnerable IIS servers were housing many business applications. Leaving many businesses hoping that they are not the next target for a ransomware or malware attack.
Leaning into Software and Infrastructure Maintenance
In order for business to keep their software solutions up to date, business have to allocate time and resources to overhauling systems. This is a grueling and time-consuming task, but in order to insulate business they need to understand that running these systems on legacy versions of IIS is asking for problems with bad actors in the future.
Due to these high maintenance costs many businesses are moving towards Software-as-a-service (SAAS) solutions as they provide lower costs on maintenance, lower reliance on internal management and monitoring, and can have much higher security if managed correctly. SAAS solutions lower the maintenance costs, as maintenance coordination is handed over to the SAAS provider. These SAAS solutions then provide a predictable cost as the unknown fees that come with maintenance vanish.
Ultimately, the best solution to ensure your business is secured is by designating a team member or a 3rd party organization to monitor and provide recommendations on system updates and maintenance. In addition to understanding how much your business is exposed to the outside world, opening your business up to the prying eyes of hackers.