06.05.2024

Securing the Legacy Server OS is Just One Side of the Security Problem

In server farms and data centers across the country there is a problem so big that nobody knows exactly how many out-of-support Windows Servers are still running. Many sit on equipment well past its use-by date, loyally running applications that blink in darkened server rooms while the rest of the workforce remains blissfully unaware.

Keeping popular Microsoft Servers secure

Organizations in the United States have relied on Windows Server for roughly 30 years. From Windows NT 3.1 to Server 2022, these servers are versatile and can take on many roles at once. Unlike modern applications, which are highly specialized, a single Windows Server can host SQL Server databases, web applications (IIS and SharePoint), email (Exchange), and legacy applications built with Visual Studio (.NET, C#, VB.NET) or even older Visual Basic 5/6 code, the software that formed the early IT infrastructure of corporate America.

However, the ability of these multi-role servers to handle numerous tasks has also created a significant problem. The wide range of applications they can support makes them very difficult to secure.

Keeping older versions of Windows and Linux servers secure has become increasingly difficult. Even where they sit behind firewalls, load balancers, and WAFs, the multitude of web and server-side applications running on them is what actually poses the largest security risk, because those controls see the network traffic but not what the application does with it.

Maintaining these servers is challenging, whether sysadmins are migrating some of them to the cloud or keeping decades-old physical boxes alive. Applications built with old Visual Studio toolchains carry vulnerabilities that may never be fixed, because patches are no longer available or the source code is too brittle to maintain or upgrade. Older applications with a web user interface expose the server to the classic OWASP Top 10 weaknesses (injection, broken authentication, insecure deserialization, and so on), and they often front legacy database back ends such as out-of-support versions of MS SQL Server, MySQL, and even MS Access.

But every Windows Server brings with it the ultimate blind spot: they can all execute EXEs (the file extension inherited from the early DOS days), and most Windows Servers remain backward compatible with up to 90% of the EXEs ever built for the platform. How do you lock down EXEs you have never heard of or installed? What good is a file-name allowlist (read why we prefer to call it allowlisting vs. whitelisting) when you do not know the names of the files? Allowlisting by name is also the weakest form of the control, since a renamed binary defeats it; rules keyed on publisher signature or file hash are the minimum worth deploying, and they need an inventory of what actually runs.

Because any Windows Server will run any EXE handed to it, monitoring and controlling the execution of unknown and unauthorized binaries is hard. Our analysis of kill chains shows that these weaknesses let Remote Code Execution (RCE) attacks go from initial exploit to running attacker-supplied code in seconds, compromising a server before anyone can react. Traditional controls such as EDR/MDR and SIEMs are detective by design: they typically raise an alert after the code has already run, which makes them poorly suited to preventing these attacks.
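The two questions above (how to allowlist files whose names you do not know, and how to see unknown EXEs executing at all) have a built-in answer on Windows Server 2008 R2 and later: AppLocker rules keyed on publisher signature and file hash, deployed first in audit mode so that every uncovered executable is logged rather than blocked. The following PowerShell is an added example written for this page; it is not code from the original post or from Virsec's products. It assumes an elevated session, the default AppLocker module, and the directory and file paths shown, all of which are assumptions you would adjust. Windows Server 2003 and the original Server 2008 do not have AppLocker, which is itself part of the legacy problem the post describes.

```powershell
# Added example, not code from the original post or from Virsec's products:
# constrain unknown EXEs with Windows AppLocker instead of allowlisting by
# file name. Requires an elevated PowerShell session on Windows Server
# 2008 R2 or later (older releases only have Software Restriction Policies).
# Directory and file paths below are assumptions.
#Requires -RunAsAdministrator
Import-Module AppLocker

$knownGood  = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\inetpub', 'C:\Windows'
$policyPath = 'C:\Temp\applocker-exe-audit.xml'
New-Item -ItemType Directory -Force -Path (Split-Path $policyPath) | Out-Null

# 1. Inventory the executables already on disk. Publisher rules cover every
#    binary from a trusted signer (including future updates of it); unsigned
#    files fall back to SHA256 hash rules. No rule depends on the file name,
#    so a renamed or freshly dropped EXE gets no free pass.
$fileInfo = $knownGood |
    Where-Object { Test-Path $_ } |
    ForEach-Object { Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe }

[xml]$policy = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 2. Start in audit mode: nothing is blocked yet, but every EXE the rules do
#    not cover is written to the AppLocker event log, which is how you learn
#    the names you never knew.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policy.Save($policyPath)

# AppLocker evaluation depends on the Application Identity service.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath

# 3. After a soak period, harvest the audit log. Each entry is an EXE that
#    ran but matched no rule: either legitimate software you still need to
#    add, or exactly the unknown binary the post is worried about.
$unknown = Get-AppLockerFileInformation -EventLog `
    -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' `
    -EventType Audited -Statistics
$unknown | Sort-Object Path | Format-Table -AutoSize

# 4. Ask the policy how it would treat an arbitrary dropped binary, without
#    enforcing anything yet (the path is an assumption).
Test-AppLockerPolicy -XmlPolicy $policyPath -Path 'C:\Temp\dropped.exe' -User Everyone

# 5. Once the audit list has been reviewed and the legitimate entries merged
#    into the policy (Set-AppLockerPolicy -XmlPolicy <file> -Merge), change
#    EnforcementMode to 'Enabled' and re-apply to move from visibility to
#    prevention.
```

The soak period in step 3 is what turns "EXEs you have never heard of" into a concrete list: anything a legacy application spawns on a schedule (report generators, VB6 helpers, scheduled scripts) shows up in the audit log long before enforcement would break it. Run the harvest on a representative server for at least one full business cycle before switching to enforcement.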

Purpose-built for legacy Windows Servers

A thriving marketplace on the Dark Web sells trojanized and otherwise hijacked EXEs crafted to infiltrate Windows Servers and evade antivirus tools, vulnerability scanners, and intrusion detection systems. The Virsec Security Platform (VSP) was developed in response to these techniques, to provide a secure and unintrusive control for server farms.

For more insights on mitigating the security risks of legacy operating systems, check out Virsec's newest tools: TrustSight and TrustGuardian.

Don't miss our security insights, and subscribe to our blog now.
