UK Internet research firm Netcraft has released its latest web server survey for November 2002, with some interesting observations on the pervasiveness of the recently discovered MDAC vulnerability on IIS servers. Assessments by Foundstone, the security company that discovered the hole, and Microsoft had claimed millions of systems might be affected, prompting fears of attacks on the scale of last year’s Code Red. But Netcraft’s sample data indicates that few IIS servers are running the susceptible Remote Data Service: just 5% of all IIS sites this year, down from 8% in 2001. Although their projections are based on a limited set of several hundred systems, they still indicate that the hole isn’t as widespread as once thought. Nevertheless, all Windows NT, Me, and 2000 users are still encouraged to download the patch to be safe.

(N-Stalker Security Force)