Over 511 000 End-of-Life (EOL) Microsoft IIS instances seen in our daily scans. Of those, over 227 000 instances are beyond the official Microsoft Extended Security Updates (ESU) period. We now tag these 'eol-iis' and 'eos-iis' respectively in our Vulnerable HTTP reports.

Raw IP data is shared in the Vulnerable HTTP report (https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/), filtered by recipient network/constituency.

Top countries running outdated IIS instances: China & USA

EOL IIS Dashboard World Map view: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=http_vulnerable&source=http_vulnerable6&tag=eol-iis%2B&data_set=count&scale=log&auto_update=on

EOS (beyond ESU) IIS Dashboard World Map view: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=http_vulnerable&source=http_vulnerable6&tag=eos-iis%2B&data_set=count&scale=log&auto_update=on

More on associated risks & on reducing attack surface from EOL devices, from US CISA: https://www.cisa.gov/resources-tools/resources/reducing-attack-surface-end-support-edge-devices

MS IIS lifecycle: https://learn.microsoft.com/en-us/lifecycle/products/internet-information-services-iis

MS Extended Security Update program (ESU): https://learn.microsoft.com/en-us/lifecycle/products/internet-information-services-iis