Netcraft has warned that the Web is more vulnerable than ever, after reports of similar security holes in the two most-used Web-server applications.
With over half of the Internet's servers potentially vulnerable, conditions are "ripe for an epidemic of attacks" against sites running Microsoft Internet Information Server (IIS), or the open-source Apache Web-server software, Netcraft said in its monthly Web Server survey.
Microsoft increased the severity rating of a flaw in IIS versions 4.0 and 5.0, the Web-server components of Windows NT 4.0 and Windows 2000, to "critical". This was in response to what it called "a significant change in the threat environment" in a revised security bulletin, also issued on Monday.
The flaw in IIS lies in software that supports HTR scripting, an older and, according to Microsoft, "largely obsolete" scripting language. However, Netcraft found that about half of Web sites using Microsoft IIS have HTR scripting enabled.
Apache is the most commonly used Web-server software, running on 64 per cent of Web sites in June. Microsoft's software is second, with almost 25 percent of all Web sites, according to Netcraft.