Netcraft Finds IIS Locked Down in Wake of Code Red

Web server monitor Netcraft has documented that sites running Microsoft's IIS are substantially more locked down for security in the wake of Code Red than they were before the outbreak of the worm.

"The combination of the Code Red worm and the first cumulative patch for Microsoft-IIS has significantly improved the security of Microsoft-IIS systems on the Internet," Netcraft wrote in the August edition of its monthly report on Web server usage.

Netcraft tests several hundred Secure Sockets Layer (SSL) sites each month as part of its business, which includes automated penetration testing, site audits and site monitoring.

In July, almost 35 percent of IIS SSL sites tested by Netcraft were vulnerable to Code Red. In August, vulnerable sites fell to 2 percent.

The increased attention to IIS security and the cumulative IIS patches released by Microsoft contributed to sharp declines in other vulnerabilities as well. The percentage of IIS SSL sites where the server paths were revealed dropped from 50 percent in June to about 6 percent in August. Sites where administration pages were accessible fell from nearly 36 percent in June to 10 percent in August.

However, one vulnerability is on the increase -- sites with the root.exe installed. Both sadmind/IIS and Code Red II install root.exe, which provides attackers with a live backdoor facility for remaining in control of a Web server.

The patches do not necessarily remove the root.exe facility, Netcraft noted. The percentage of IIS SSL sites with root.exe installed has risen steadily from around 6 percent in May to nearly 13 percent in August, according to Netcraft.

Netcraft also surveys millions of Web servers each month to determine what Web server software holds the greatest market share. In August, IIS was the only one of the three major Web servers to gain market share among all Web sites, Netcraft found.

IIS usage rose by 0.38 percent, while the open source Apache Web server dropped 0.2 percent and Sun-Netscape's iPlanet dropped 0.02 percent. Apache still runs on more than twice as many sites as IIS, which is about 10 times as common as iPlanet.

Netcraft said that it is too early to tell if the predictions of mass migrations away from IIS by users disgusted by Code Red and other IIS-related vulnerabilities will occur.

"Our data was collected at the start of the month, and we will have a clearer picture of whether Code Red has caused any significant movement away from Microsoft-IIS in September," Netcraft said.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Cloud Services Starting To Overtake On-Prem Database Management Systems

    Database management system (DBMS) growth is happening more on the cloud services side than on the traditional "on-premises" side, according to a report by Gartner Inc.

  • How To Replace an Aging Domain Controller

    If the hardware behind your domain controllers has become outdated, here's a step-by-step guide to performing a hardware refresh.

  • Azure Backup for SQL Server 2008 Available at Preview Stage

    Microsoft added the option of using the Azure Backup service to provide recovery support for SQL Server 2008 and SQL Server 2008 R2 when those workloads are hosted on Azure virtual machines.

  • Microsoft Suggests Disabling Old Protocols with Exchange Server 2019

    Exchange Server 2019 with Cumulative Update 2 (CU2) can help organizations rid themselves of old authentication protocols, which constitute a potential security risk.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.