Researchers have found a huge global security risk that comes from using old Microsoft Internet Information Services (IIS) servers This article explores iis servers shadowserver. . The Shadowserver Foundation's new research shows that more than 511,000 IIS instances that are connected to the internet are running versions that have reached end-of-life (EOL).

This puts businesses at risk of serious cyber threats. The size of the problem is very worrying. More than 227,000 of the 511,000 identified EOL IIS servers have gone beyond Microsoft's Extended Security Updates (ESU) program. This means that these systems are now in an End-of-Support (EOS) state, which means they don't get any security updates, whether they are paid for or not.

Because of this, these servers are basically defenseless against newly found weaknesses. Shadowserver's constant scanning of the internet shows how big the problem has gotten.

These old servers are still connected to the internet, which makes the global attack surface much bigger. Most of these vulnerable deployments are in China and the United States, but the affected systems are spread out all over the world. Shadowserver has updated its Vulnerable HTTP reporting system to make it easier for defenders to see and help.

Network admins who get these reports will now see clear tags like "eol-iis" and "eos-iis" that show if a server is old or no longer supported. This tagging system is meant to help businesses quickly find high-risk assets and put them at the top of their list of things to fix. Running EOL IIS servers has very serious security risks. Threat actors love to attack unsupported systems because they don't get patches for newly found security holes.

Attackers often look for these kinds of systems on the internet so they can use known flaws, install ransomware, or get into corporate networks for the first time. IIS is often used as a front-facing web server, so if it is hacked, attackers can get directly into the network's internal infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) and other government groups have warned many times against using software that is no longer supported, especially on systems that connect to the internet.

Initial access brokers often use these systems to sell compromised access to other threat actors, which makes the risk even higher. To deal with this problem that is getting worse, businesses need to act right away. The first step is to find all the IIS instances in their environment and check to see if they are supported.

Administrators should check Microsoft's official lifecycle documentation to see if their deployments are still supported. Organizations should move services to supported versions of IIS or other modern web server platforms as soon as they find out that their systems are out of date. If migration isn't possible, systems should be cut off from the internet or completely shut down to lower their risk.

Shadowserver has also shared its scan data with network operators and national Computer Emergency Response Teams (CERTs), which helps them work together to fix problems. Its live dashboards also show the distribution of EOL and EOS systems in real time, which helps security teams keep track of and respond to risks more quickly. Finding more than half a million exposed EOL IIS servers shows that managing old systems is still a big problem in cybersecurity.

If organizations don't keep their systems up to date and make sure they can see their assets, they could leave important infrastructure open to attack. Immediate action is necessary to lower the global attack surface and stop possible major cyber incidents. Make ZeroOwl your preferred source in Google.