IIS 7.0, which is no longer maintained, has 17 identified problems.
Cybernews portal specialists discovered over two million web servers on the Internet that were running on out-of-date and no longer maintained editions of IIS (Internet Information Services).
Microsoft IIS is the world’s third most popular web server, powering over 50 million Internet sites. IIS has a market share of more than 12%.
Microsoft keeps current versions of IIS secure by periodically providing upgrades, patches, or hotfixes; however, IIS 7.5 and lower are no longer maintained by the business and, like other old software, are riddled with vulnerabilities.
Experts examined the Internet for servers running five distinct unsupported versions of IIS with known vulnerabilities as part of the research.
The researchers discovered more than 7 million potentially susceptible servers, 5 million of which were honeypots and more than 2 million of which were insecure Microsoft IIS servers.
Although all older versions of IIS were vulnerable to assaults, the worst-case scenario was IIS 7.0, which has 17 security flaws and was used by 47 thousand of the identified servers.
China (679,941) and the United States have the largest number of susceptible installations (581,708). Following that are Hong Kong (200 786), South Korea (54 981), and Germany (43 857).
Worse, web servers running public websites disclose IIS versions.
“This means that running a vulnerable version on these servers invites hackers to enter into their networks,” the researchers said.