Browse by Tags

All Tags » Community Info (RSS)
Security Alerts - June 2010
It is patch Tuesday :) and this month we've got 3 bulletins (Severity: Important) related to IIS. MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) http://www.microsoft.com/technet/security/bulletin/ms10...
Posted Wed, Jun 9 2010 by qbernard | with no comments
Filed under: , ,
Heads up - Microsoft IIS File Extension Processing Security Bypass Vulnerability
Update - 30th Dec MSRC response to the vulnerability claim. http://blogs.technet.com/msrc/archive/2009/12/29/results-of-investigation-into-holiday-iis-claim.aspx IIS team is working on a patch for this so called inconsistency feature :) >> Well...
Posted Fri, Dec 25 2009 by qbernard | with no comments
Filed under: , ,
WebDav Encoding Vulnerability - Fixed
Today, Microsoft released patch update for IIS 5.0/5.1/6.0 WebDav encoding issues with "/" character discovered last month , you can get the hotfix here .
Posted Wed, Jun 10 2009 by qbernard | with no comments
Filed under: , ,
Security Alert - Vulnerability in Internet Information Services Could Allow Elevation of Privilege
Two days ago, a new vulnerability was found in WebDav for IIS, although few have make a big deal out of it, personally I think the impact is 'quite' minimum or at least zero in my environment coz I got no WebDav at all :) LOL... anyway - here...
Posted Wed, May 20 2009 by qbernard | with no comments
Filed under: , , ,
ANEW MVP!
You know what.... for the past many years this very same day - I will get an email from Microsoft telling me that - Congrats, we are pleased to award you... as MVP from 200X to 200X. And each time I double check the source header, go to the award site...
Posted Wed, Apr 1 2009 by qbernard | 6 comment(s)
Filed under: ,
Top 8 - Web 2.0 Security Threats
Got this from a mailing list - the top 8 security threats in Web 2.0 applications. 1. Insufficient Authentication Controls 2. Cross Site Scripting (XSS) 3. Cross Site Request Forgery (CSRF) 4. Phishing 5. Information Leakage 6. Injection Flaws 7. Information...
Posted Wed, Feb 18 2009 by qbernard | 2 comment(s)
Filed under: ,
Improving Web Service Security: WCF
The Microsoft Patterns & Practices team just published a beta copy of Improving Web Service Security for WCF or code name Indigo last week. This is another great playbook from the team that gives us many great guides and practices in using Microsoft...
Posted Wed, Jun 11 2008 by qbernard | with no comments
Filed under: , ,
IIS KBs - April 2008
949516 Error message when you use the "IMSAdminBase::CopyKey" method as a part of the IIS 6.0 Compatibility components in IIS 7.0: "Exception from HRESULT: 0x80070003" 950735 Error message when you use the Configure Web Synchronization...
Posted Mon, May 26 2008 by qbernard | with no comments
Filed under: ,
IIS 7 Shared Hosting Summary
Damn! I love this blog post from Thomas , and you can easily noticed that IIS team has put lot of effort in shared hosting environment, from shared to delegated configuration, and all the way to process model improvements. The dynamicIdleThreshold for...
Posted Wed, May 14 2008 by qbernard | 1 comment(s)
Filed under: , ,
IIS FTP PassivePortRange
Years ago, I wrote the KB on passive port range at MSKB site - How To Configure PassivePortRange In IIS http://support.microsoft.com/?id=555022 Lazy to update the article for IIS 7.0 FTP detail, and I'm not going to add that here :) Coz you can get...
Posted Wed, May 14 2008 by qbernard | with no comments
Filed under: , ,
Security Alerts - April 2008 (Special)
Microsoft revised two security bulletins yesterday. One of which is related to .Net Framework published last year , not major update or new fixes but rather doc updates on changes related to releases of WinXP SP3. On the other hand, in the recent Hack...
Posted Thu, Apr 24 2008 by qbernard | 2 comment(s)
Filed under: ,
Security Alerts - April 2008
Oh well, been busy and no time to post this back then. In the routine patch Tuesday this month, Microsoft released 8 security bulletins with 5 of which in critical severity and one specific bulletin is related to IIS in a way. The 08-022 actually replaced...
Posted Wed, Apr 23 2008 by qbernard | with no comments
Filed under: ,
Security Alerts - March 2008 (Special)
Today, Microsoft released a major revision for a vulneribility reported last year on .Net Framework. If you running framework version 1.0, 1.1 and 2.0. Please apply the fix asap. Take note that even you are running 3.0, it is essentially using .Net Framework...
Posted Wed, Mar 26 2008 by qbernard | with no comments
Filed under: ,
Security Alerts - March 2008
In this month security bulletin , although all critical fixes are related to MS Office, one of the bulletin is related to Office Web Component and hence if you utilizing OWC in your web application, you need to apply the patch asap. Details: Vulnerabilities...
Posted Thu, Mar 13 2008 by qbernard | with no comments
Filed under: , ,
IIS 7 Released !!!!
It is official now :) lazy to type.... head over to Bill Staples blog post for more info :) Together with many great stuff from IIS team, including the new FTP component , FPSE , and Web Playlist :) (errr.. related to media server if you are in to media...
Posted Thu, Feb 28 2008 by qbernard | 3 comment(s)
Filed under: , , ,
Security Alerts - February 2008
In this month security bulletin , there are two important bulletins related to IIS, depend on your environment setup, though it is rated as important, you might want to patch it asap. Here's the bulletin details. Vulnerability in Internet Information...
Posted Wed, Feb 13 2008 by qbernard | with no comments
Filed under: , ,
Microsoft Web Deployment Tool aka IIS 7 Migration Tool with bonus features.
After a lonnnnng wait !! Today, the IIS team releases the new web deployment tool technical preview 1 :) The deployment tool called msdeploy.exe is essentially a migration toolkit similar with the one the shipped for IIS 6.0. However, the team spent extra...
Posted Thu, Jan 24 2008 by qbernard | 1 comment(s)
Filed under: , ,
IIS FTP and IE 7 (No user folder redirection)
Remember about this blog I posted last year... and many users still complaining about the new IE 7 behavior changes when connecting to IIS FTP. It is confirmed now - as per this latest KB , this is new design changed in IE 7 :) and you are recommended...
Posted Mon, Oct 8 2007 by qbernard | 2 comment(s)
Filed under: , ,
IIS KBs - September 2007 (New IIS 7 Status Code)
After a month of silent :) where no new KBs for IIS in previous month. September KB updates bring you lot of new status code in IIS 7.0, covering more detail than I previously posted. Here's the KB list for Sep 2007. 942037 Error message when you...
Posted Mon, Oct 8 2007 by qbernard | with no comments
Filed under: ,
Windows Server 2008 - Release Candidate 0
RC0 is out ! I'm downloading it now..... Zzzz... but may take days from my location :( Anyway, can't wait to test drive it! The release page however does not shows the direct download links, you can search it at MS Download . You will see 5 flavors...
Posted Tue, Sep 25 2007 by qbernard | with no comments
Filed under: , ,
More Posts Next page »