Hello, welcome to the Tuesday, November 17th, 2020 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

One common problem with network security, of course, is to always sort of chase after the new and shiny thing, the latest

vulnerability, and well in the process of forgetting about a lot of the old vulnerabilities

that may be still hanging around. Jan took a look at Shodan to see how many of these older

vulnerabilities are still being exposed and

well right towards the top and interesting remote code execution vulnerability in the IIS

web server came up. Not sure if you remember, it was in 2015 when this vulnerability in HTTP.Sys was

originally discovered.

Good thing about this particular vulnerability, and maybe that's sort of what prevents

it from getting patched also is that they have never really been sort of a full remote code execution

proof of concept published for this vulnerability. The only exploits that were actually being

published were denial of service and information leakage of vulnerabilities. Next couple of 2019 vulnerabilities,

the XM vulnerability.

NSA, a couple of government agencies have warned about this vulnerability multiple times,

but yes, still over a quarter million of vulnerable systems exposed.

And of course, the other 2019 one is a blue keep.

Lastly, heart bleed of all vulnerabilities.

That one was very heavily advertised and people were heavily pushed to patch it.

Still 200,000 machines exposed.

So the big problem here is we do have hundreds of thousands of unmaintained systems connected to the internet,

just waiting to be exploited in some form. Hope these are not systems that any of my

...