News

Netcraft: MDAC Vulnerability Affects Small Number of IIS Servers

Netcraft is trying to correct a misimpression surrounding Microsoft's two-week-old security bulletin involving Microsoft Data Access Components (MDAC).

Netcraft is well known for its monthly updates on the number of Web servers running Apache versus Internet Information Services. A Bloomberg news article about the MDAC vulnerability, a problem Microsoft labeled "critical," noted that Netcraft's figures put about 4 million active IIS servers out there -- making the vulnerability appear quite widespread.

But Netcraft says that in its own security testing business, it finds that the percentage of sites using the affected part of MDAC, the Remote Data Services, is very small.

"Approximately 8 percent of Microsoft-IIS sites tested in 2001 had RDS open to the public; in 2002 this has fallen to around 5 percent," Netcraft notes.

RDS is not enabled by default in IIS 5. RDS was introduced and enabled by default with IIS 4, but Microsoft's security checklists and IIS lockdown tool encourage Web masters to disable it.

"Almost no Microsoft-IIS/5.0 sites we have tested were offering RDS and the proportion of Microsoft-IIS/4.0 sites offering RDS is fairly stable at around one in four," Netcraft officials say. The caveats, according to Netcraft, are that its customer sample is fairly small and that sample is weighted toward IIS 5 customers. "But we think that only a fairly small section of the Microsoft-IIS community is likely to use RDS, and that it is rarely enabled on public sites."

Meanwhile, since October, Microsoft's IIS has enjoyed a slight gain in share among active Web sites, although the open source Apache Web server still dominates the market.

The November Netcraft numbers, released Monday, show IIS gained 0.53 points of share, climbing from 25.06 percent of active sites to 25.59 percent. In raw numbers, IIS sites went from about 4 million sites to nearly 4.25 million sites. Apache, meanwhile, stayed above 10 million active sites and runs nearly 65 percent of active sites, according to Netcraft.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.