In its Patch Tuesday release for May 2021 Microsoft released guidance and a patch for CVE-2021-31166. We’ve been tracking the research on it, and recommend that those with this vulnerability on their Microsoft IIS servers patch it immediately.
To give you a little insight, there are a few reasons that this particular vulnerability has warranted the additional research from the industry and our team:
Given the rise in ransomware, and the wormability of this vulnerability, it’s a good time to check your IIS servers and make sure that for those newer Windows 10 servers affected that CVE-2021-31166 has been patched. Let’s get it off of those systems before attackers find a way to exploit it.
If you’re not yet familiar with CyCognito, sign up for a demo and let us show you all of your IIS servers. The ones you know about, and the ones you don’t.
Our platform takes the attackers’ perspective to help you dramatically reduce your overall business risk and increase efficiency. With no deployment required, it autonomously discovers and maps your organization’s entire attack surface, including previously unknown assets in on-premises, cloud, partner and subsidiary environments. With an understanding of the business context of your assets and what is most attractive to attackers, it then detects and prioritizes your organization’s most easily exploitable exposures, the attackers’ paths of least resistance. Your security team knows where to focus first to eliminate those risks, while prescriptive remediation guidance and efficient validation speed their work.
Alex Zaslavsky, a former Senior Product Manager at CyCognito, has more than 15 years of infosec experience working on data analytics, system development, architecture and technical product management, in addition to being a veteran of the 8200 unit.
Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.
Discover insights on application security, exposure management and other key topics below.
The definitive guide to attack surface management. Learn everything you need to know to reduce your cyber security risk with attack surface management.
Exposure management is a set of processes which allow organizations to assess the visibility, accessibility, and risk factors of their digital assets.
Vulnerability assessment is the process of identifying, quantifying, and prioritizing vulnerabilities in a system.
Explore CyCognito modules ASM, AST and EI in the resources below.
Scalable, continuous, and comprehensive testing for all external assets, all the time.
CyCognito Automated Security Testing dynamically applies payload-based testing techniques across your entire external attack surface.
CyCognito Exploit Intelligence uses threat intelligence about attackers’ behavior and exploitability for enhanced prioritization.