News

Netcraft: MDAC Vulnerability Affects Small Number of IIS Servers

Netcraft is trying to correct a misimpression surrounding Microsoft's two-week-old security bulletin involving Microsoft Data Access Components (MDAC).

Netcraft is well known for its monthly updates on the number of Web servers running Apache versus Internet Information Services. A Bloomberg news article about the MDAC vulnerability, a problem Microsoft labeled "critical," noted that Netcraft's figures put about 4 million active IIS servers out there -- making the vulnerability appear quite widespread.

But Netcraft says that in its own security testing business, it finds that the percentage of sites using the affected part of MDAC, the Remote Data Services, is very small.

"Approximately 8 percent of Microsoft-IIS sites tested in 2001 had RDS open to the public; in 2002 this has fallen to around 5 percent," Netcraft notes.

RDS is not enabled by default in IIS 5. RDS was introduced and enabled by default with IIS 4, but Microsoft's security checklists and IIS lockdown tool encourage Web masters to disable it.

"Almost no Microsoft-IIS/5.0 sites we have tested were offering RDS and the proportion of Microsoft-IIS/4.0 sites offering RDS is fairly stable at around one in four," Netcraft officials say. The caveats, according to Netcraft, are that its customer sample is fairly small and that sample is weighted toward IIS 5 customers. "But we think that only a fairly small section of the Microsoft-IIS community is likely to use RDS, and that it is rarely enabled on public sites."

Meanwhile, since October, Microsoft's IIS has enjoyed a slight gain in share among active Web sites, although the open source Apache Web server still dominates the market.

The November Netcraft numbers, released Monday, show IIS gained 0.53 points of share, climbing from 25.06 percent of active sites to 25.59 percent. In raw numbers, IIS sites went from about 4 million sites to nearly 4.25 million sites. Apache, meanwhile, stayed above 10 million active sites and runs nearly 65 percent of active sites, according to Netcraft.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.