Netcraft: MDAC Vulnerability Affects Small Number of IIS Servers

Netcraft is trying to correct a misimpression surrounding Microsoft's two-week-old security bulletin involving Microsoft Data Access Components (MDAC).

Netcraft is well known for its monthly updates on the number of Web servers running Apache versus Internet Information Services. A Bloomberg news article about the MDAC vulnerability, a problem Microsoft labeled "critical," noted that Netcraft's figures put about 4 million active IIS servers out there -- making the vulnerability appear quite widespread.

But Netcraft says that in its own security testing business, it finds that the percentage of sites using the affected part of MDAC, the Remote Data Services, is very small.

"Approximately 8 percent of Microsoft-IIS sites tested in 2001 had RDS open to the public; in 2002 this has fallen to around 5 percent," Netcraft notes.

RDS is not enabled by default in IIS 5. RDS was introduced and enabled by default with IIS 4, but Microsoft's security checklists and IIS lockdown tool encourage Web masters to disable it.

"Almost no Microsoft-IIS/5.0 sites we have tested were offering RDS and the proportion of Microsoft-IIS/4.0 sites offering RDS is fairly stable at around one in four," Netcraft officials say. The caveats, according to Netcraft, are that its customer sample is fairly small and that sample is weighted toward IIS 5 customers. "But we think that only a fairly small section of the Microsoft-IIS community is likely to use RDS, and that it is rarely enabled on public sites."

Meanwhile, since October, Microsoft's IIS has enjoyed a slight gain in share among active Web sites, although the open source Apache Web server still dominates the market.

The November Netcraft numbers, released Monday, show IIS gained 0.53 points of share, climbing from 25.06 percent of active sites to 25.59 percent. In raw numbers, IIS sites went from about 4 million sites to nearly 4.25 million sites. Apache, meanwhile, stayed above 10 million active sites and runs nearly 65 percent of active sites, according to Netcraft.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus