Mitigation Instructions for CVE-2024-28987
Subject: Mitigating CVE-2024-28987: Hardcoded Credentials Vulnerability in SolarWinds Web Help Desk
CyRisk Vulnerability Management Team : Jun 18, 2024 6:08:09 PM
SUBJECT: Microsoft-IIS/7.0 Unsupported Web Server Detection
TECH STACK: Microsoft Internet Information Services (IIS) version 7.0
CRITICALITY: HIGH
OVERVIEW:
Microsoft-IIS/7.0 is an outdated version of Microsoft's web server software. Microsoft has ended support for IIS 7.0, meaning it no longer receives security updates, patches, or technical support. This lack of updates leaves servers running IIS 7.0 vulnerable to security risks, including known exploits, vulnerabilities, and compatibility issues with modern web applications and standards.
THREAT INTELLIGENCE:
Unsupported software is a prime target for attackers because it no longer receives security updates, making it vulnerable to known exploits. Attackers can leverage these unpatched vulnerabilities to compromise the server, leading to data breaches, unauthorized access, and other security incidents.
SOLUTION:
Steps to Mitigate:
Upgrade to a Supported Version of IIS:
iisreset /status
Migrate to a New Server (if necessary):
Security Hardening:
Monitoring and Maintenance:
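To track which hosts still present the Microsoft-IIS/7.0 banner before and after the upgrade, the check below classifies captured HTTP response heads by their Server header. It is an added example, not part of the original advisory; the host names, sample responses and the `max_unsupported` threshold are assumptions made for illustration.

```python
import re

# Matches the product token IIS places in the Server response header.
IIS_TOKEN = re.compile(r"Microsoft-IIS/(\d+)\.(\d+)", re.IGNORECASE)

def server_headers(raw_response: str) -> list[str]:
    """Return every Server header value from a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0]   # ignore the body entirely
    values = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            values.append(value.strip())
    return values

def classify(raw_response: str, max_unsupported=(7, 0)) -> str:
    """Return 'unsupported', 'ok', 'not-iis' or 'no-banner' for one response.

    max_unsupported is the highest version treated as end-of-support. The
    advisory names 7.0 only, so that is the default (assumption: raise it
    to match your own lifecycle policy).
    """
    values = server_headers(raw_response)
    if not values:
        return "no-banner"    # banner suppressed: verify on the host itself
    versions = [(int(m.group(1)), int(m.group(2)))
                for v in values for m in IIS_TOKEN.finditer(v)]
    if not versions:
        return "not-iis"
    return "unsupported" if min(versions) <= max_unsupported else "ok"

# Constructed sample responses (hypothetical hosts, not real scan data).
SAMPLES = {
    "web01": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.0\r\nX-Powered-By: ASP.NET\r\n\r\n",
    "web02": "HTTP/1.1 200 OK\r\nserver: Microsoft-IIS/10.0\r\n\r\n<html>Microsoft-IIS/7.0</html>",
    "web03": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "web04": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}

def audit(samples=SAMPLES) -> dict[str, str]:
    """Classify every captured response, keyed by host label."""
    return {host: classify(resp) for host, resp in samples.items()}

if __name__ == "__main__":
    for host, verdict in audit().items():
        print(f"{host}: {verdict}")
```

A `no-banner` result only means the header was removed or hidden, so those hosts still need their installed IIS version confirmed locally.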
REFERENCES: