Northern Kentucky University
Evaluating the Impact of Microsoft IIS Vulnerabilities
Institution
Northern Kentucky University
Faculty Advisor/Mentor
Maureen Doyle; James Walden
Abstract
Microsoft’s Internet Information Server (IIS) is deployed on over 20% of all web servers, including servers in the state of Kentucky. IIS has been used by large-scale network providers like Insight Communications and by public institutions like the Wolfe County Public Library. Out-of-date versions of IIS exposed users to known vulnerabilities, including eight in version 5.0, seven in version 5.1, and nine in version 6.0, according to Microsoft Security Bulletins and the Common Vulnerabilities and Exposures (CVE) database. One vulnerability of particular note was CVE-2009-1535, which affected Microsoft-IIS server versions 5.0 to 6.0. By using this flaw, an attacker could have granted themselves administrative privileges over the device and stolen or destroyed its data. Under the CVSS 2.0 severity ranking system, CVE-2009-1535 ranks as the sixth-worst vulnerability that Microsoft-IIS has seen in the last eleven years. By mining Internet-scale network port scan data, we identified the versions and locations of IIS servers throughout the entire IPv4 space. We found that old versions of Microsoft-IIS were deployed on many servers, with 1.35% of IIS servers running version 5.0, 0.51% running version 5.1, and 39% running version 6.0. We also mapped the location of these servers, 4% of which (over 70,000 in number) were still vulnerable to CVE-2009-1535.
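As an added illustration of the banner-mining step described in the abstract (not the authors' code or data), the following Python tallies IIS versions from stored HTTP response headers and lists hosts in the version range the abstract gives for CVE-2009-1535. The records, IP addresses and function names are constructed for the example.

```python
import re
from collections import Counter

# Version range the abstract gives for CVE-2009-1535 (IIS 5.0 to 6.0).
AFFECTED = {"5.0", "5.1", "6.0"}
BANNER_RE = re.compile(r"^\s*Microsoft-IIS/(\d+\.\d+)\s*$", re.IGNORECASE)

# Constructed sample records (ip, raw HTTP response); not real scan data.
SAMPLE = [
    ("192.0.2.10", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n"),
    ("192.0.2.11", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n\r\n"),
    ("192.0.2.12", "HTTP/1.1 200 OK\r\nServer: Apache/2.2.3\r\n\r\n"),
    ("192.0.2.13", "HTTP/1.1 403 Forbidden\r\nserver: microsoft-iis/5.0\r\n\r\n"),
    ("192.0.2.14", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n"),
    ("192.0.2.15", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    # The banner-like text below is in the body, after the blank line: ignored.
    ("192.0.2.16", "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nServer: Microsoft-IIS/5.1"),
    ("192.0.2.17", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\n\r\n"),
]

def iis_version(raw_response):
    """Return the IIS version from the Server header, or None if absent or not IIS."""
    for line in raw_response.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            match = BANNER_RE.match(value)
            return match.group(1) if match else None
    return None

def summarize(records):
    """Count IIS versions, compute each version's share, list hosts in AFFECTED."""
    versions, candidates = Counter(), []
    for ip, raw in records:
        version = iis_version(raw)
        if version is None:
            continue
        versions[version] += 1
        # The banner shows the version only, not the patch level, so these
        # hosts are candidates for follow-up rather than confirmed vulnerable.
        if version in AFFECTED:
            candidates.append(ip)
    total = sum(versions.values())
    share = {v: round(100.0 * n / total, 2) for v, n in versions.items()}
    return {"total_iis": total, "share_pct": share, "candidates": candidates}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```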