Northern Kentucky University

Evaluating the Impact of Microsoft IIS Vulnerabilities

Institution

Northern Kentucky University

Abstract

Microsoft’s Internet Information Server (IIS) is deployed on over 20% of all web servers, including servers in the state of Kentucky. IIS has been used by large scale network providers like Insight Communications and by public institutions like the Wolfe County Public Library. Out of date versions of IIS exposed users to known vulnerabilities, including eight in version 5.0, seven in version 5.1, and nine in version 6.0 according to Microsoft Security Bulletins and the Common Vulnerabilities and Exposures (CVE) database. One vulnerability of particular note was CVE-2009-1535, which affected Microsoft-IIS server versions 5.0 to 6.0. By using this flaw, a hacker could have granted themselves administrative privileges over the device and stolen or destroyed its data. CVE-2009-1535 is ranked as the sixth worst vulnerability that Microsoft-IIS has seen in the last eleven years using the CVSS 2.0 severity ranking system. Through mining Internet-scale network port scan data, we identified versions and locations of IIS servers throughout the entire IPv4 space. We found that old versions of Microsoft-IIS were deployed on many servers, with 1.35% of IIS servers running version 5.0, 0.51% version 5.1, and 39% running version 6.0. We also mapped the location of these servers, 4% of which (over 70,000 in number) were still vulnerable to CVE-2009-1535.

This document is currently not available here.

Share

COinS
 

Evaluating the Impact of Microsoft IIS Vulnerabilities

Microsoft’s Internet Information Server (IIS) is deployed on over 20% of all web servers, including servers in the state of Kentucky. IIS has been used by large scale network providers like Insight Communications and by public institutions like the Wolfe County Public Library. Out of date versions of IIS exposed users to known vulnerabilities, including eight in version 5.0, seven in version 5.1, and nine in version 6.0 according to Microsoft Security Bulletins and the Common Vulnerabilities and Exposures (CVE) database. One vulnerability of particular note was CVE-2009-1535, which affected Microsoft-IIS server versions 5.0 to 6.0. By using this flaw, a hacker could have granted themselves administrative privileges over the device and stolen or destroyed its data. CVE-2009-1535 is ranked as the sixth worst vulnerability that Microsoft-IIS has seen in the last eleven years using the CVSS 2.0 severity ranking system. Through mining Internet-scale network port scan data, we identified versions and locations of IIS servers throughout the entire IPv4 space. We found that old versions of Microsoft-IIS were deployed on many servers, with 1.35% of IIS servers running version 5.0, 0.51% version 5.1, and 39% running version 6.0. We also mapped the location of these servers, 4% of which (over 70,000 in number) were still vulnerable to CVE-2009-1535.