Over 511 000 End-of-Life Microsoft IIS instances seen in our daily scans, out of those over 227 000 instances that are beyond the official Microsoft Extended Security Updates (ESU) period. We now tag those 'eol-iis' and 'eos-iis' respectively in our Vulnerable HTTP reports.

Raw IP data shared in https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/ filtered by recipient network/constituency

Top countries running outdated IIS instances: China & USA

EOL IIS Dashboard World Map view: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=http_vulnerable&source=http_vulnerable6&tag=eol-iis%2B&data_set=count&scale=log&auto_update=on

EOS (beyond ESU) IIS Dashboard World Map view: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=http_vulnerable&source=http_vulnerable6&tag=eos-iis%2B&data_set=count&scale=log&auto_update=on

More on associated risks & on reducing attack surface from EOL devices from US CISA https://www.cisa.gov/resources-tools/resources/reducing-attack-surface-end-support-edge-devices

MS IIS lifecycle: https://learn.microsoft.com/en-us/lifecycle/products/internet-information-services-iis

MS Extended Security Update program (ESU) https://learn.microsoft.com/en-us/lifecycle/products/internet-information-services-iis

⚠️ Update: #Iran's internet blackout has entered its 20th day, with international connectivity unavailable to the general public for over 456 hours.

The incident is now the longest recorded shutdown in Iran's history, surpassing the blackout imposed during protests in January.

ich🐩iel

geposted von u/Nashibirne
https://www.reddit.com/r/ich_iel/comments/1rota2t/ichiel/