Netcraft Finds IIS Locked Down in Wake of Code Red

Web server monitor Netcraft has documented that sites running Microsoft's IIS are substantially more locked down for security in the wake of Code Red than they were before the outbreak of the worm.

"The combination of the Code Red worm and the first cumulative patch for Microsoft-IIS has significantly improved the security of Microsoft-IIS systems on the Internet," Netcraft wrote in the August edition of its monthly report on Web server usage.

Netcraft tests several hundred Secure Sockets Layer (SSL) sites each month as part of its business, which includes automated penetration testing, site audits and site monitoring.

In July, almost 35 percent of IIS SSL sites tested by Netcraft were vulnerable to Code Red. In August, vulnerable sites fell to 2 percent.

The increased attention to IIS security and the cumulative IIS patches released by Microsoft contributed to sharp declines in other vulnerabilities as well. The percentage of IIS SSL sites where the server paths were revealed dropped from 50 percent in June to about 6 percent in August. Sites where administration pages were accessible fell from nearly 36 percent in June to 10 percent in August.

However, one vulnerability is on the increase -- sites with the root.exe installed. Both sadmind/IIS and Code Red II install root.exe, which provides attackers with a live backdoor facility for remaining in control of a Web server.

The patches do not necessarily remove the root.exe facility, Netcraft noted. The percentage of IIS SSL sites with root.exe installed has risen steadily from around 6 percent in May to nearly 13 percent in August, according to Netcraft.

Netcraft also surveys millions of Web servers each month to determine what Web server software holds the greatest market share. In August, IIS was the only one of the three major Web servers to gain market share among all Web sites, Netcraft found.

IIS usage rose by 0.38 percent, while the open source Apache Web server dropped 0.2 percent and Sun-Netscape's iPlanet dropped 0.02 percent. Apache still runs on more than twice as many sites as IIS, which is about 10 times as common as iPlanet.

Netcraft said that it is too early to tell if the predictions of mass migrations away from IIS by users disgusted by Code Red and other IIS-related vulnerabilities will occur.

"Our data was collected at the start of the month, and we will have a clearer picture of whether Code Red has caused any significant movement away from Microsoft-IIS in September," Netcraft said.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.