-
IIS 7 Released !!!!
-
It is official now :) lazy to type.... head over to Bill Staples blog post for more info :)
Together with many great stuff from IIS team, including the new FTP component, FPSE, and Web Playlist :) (errr.. related to media server if you are in to media streaming)
Last but not least..... the IIS 7 Resource Kit book, well - this one still with the printing company :) should be at your major book store next month. I have the opportunity to write along with many IIS Gurus including Brett Hill, Mike Volodarsky and lot more. Be sure you get a copy asap!.
-
Security Alerts - February 2008
-
In this month security bulletin, there are two important bulletins related to IIS, depend on your environment setup, though it is rated as important, you might want to patch it asap. Here's the bulletin details.
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
Take note that for 08-005, it affects IIS 5.0, 5.1, 6.0 and even 7.0 :) (except if you got Vista SP1 or W2k8 RTM), per the bulletin article, IIS 6.0 the vulnerability point is via MSFTPSVC and NNTPSVC.
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
For 08-006, affected IIS version include IIS 5.1 and 6.0. IIS 5.0 running on W2k SP4 is not affected, same apply to Vista and W2k8. The exploit works via on ASP component.
It is worth mention that, together with two bulletins - IIS 6.0 patches/fixes are still relatively low :) I mean you can count it with one hand ? 1, 2, 3, 4! I lost track a bit as this doesn't happen from time to time so not sure when is the last one. Anyway, per search result. IIS 6.0 related - we got 4. The two above + MS06-034 and MS04-030.
There's no critical bulletin for IIS 6.0 up to date and per information from Microsoft, the latest two vulnerabilities are discovered in-house, and not by the bad guys out there.