IIS 6.0 users head towards new security dangers

RiskIQ has found that 24 of the top 30 FTSE-listed companies in the UK are running web servers, which will be out of support in less than a week.

Among the top 30 FTSE companies, more than 73,000 instances of web servers were in use. Microsoft's IIS 6.0 was the sixth most popular server. The research found it was also used to host high profile websites of some of the largest FTSE companies in the UK, although some organisations run it on forgotten networks or as test servers.

Users of IIS 6.0 have several days left before support fully ends on 14th July. But the research also found over 400 instances of top FTSE companies still using the outdated IIS 5.0, having not been supported by Microsoft in over a year.

Ben Harknett, RiskIQ managing director EMEA, says: “Due to the lack of availability of critical security updates for IIS 6.0 beyond 14th July, hackers will be able to more easily exploit its security weaknesses, accessing systems and using company websites to serve malware to unsuspecting users. Companies are running the risk of operating a webserver as a ticking time bomb of vulnerabilities and reliability issues after that date.”