Browse by Tags

All Tags » IIS News (RSS)
Security Alerts - June 2010
It is patch Tuesday :) and this month we've got 3 bulletins (Severity: Important) related to IIS. MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) http://www.microsoft.com/technet/security/bulletin/ms10...
Posted Wed, Jun 9 2010 by qbernard | with no comments
Filed under: , ,
MS10-24 reset SMTP Configuration
If you have patched MS10-24 recently, you will encounter SMTP configuration option being reset or revert to default after the patch. Hence, please backup the IIS metabase before patchin the node, for more info - read this KB article .
Posted Tue, May 4 2010 by qbernard | with no comments
Filed under: ,
Heads up - Microsoft IIS File Extension Processing Security Bypass Vulnerability
Update - 30th Dec MSRC response to the vulnerability claim. http://blogs.technet.com/msrc/archive/2009/12/29/results-of-investigation-into-holiday-iis-claim.aspx IIS team is working on a patch for this so called inconsistency feature :) >> Well...
Posted Fri, Dec 25 2009 by qbernard | with no comments
Filed under: , ,
IIS DebugDiag x64 is out
Previously, the x86 version you are able to debug 32bit worker processes running on 32/64bit OSes, with this release - you can now debug a full 64bit worker processes. Here's the link at Microsoft download, and addtional note for x64 release Notes...
Posted Fri, Oct 30 2009 by qbernard | with no comments
Filed under: , , ,
Security Alert - Vulnerability in Internet Information Services Could Allow Elevation of Privilege
Two days ago, a new vulnerability was found in WebDav for IIS, although few have make a big deal out of it, personally I think the impact is 'quite' minimum or at least zero in my environment coz I got no WebDav at all :) LOL... anyway - here...
Posted Wed, May 20 2009 by qbernard | with no comments
Filed under: , , ,
Token Kidnapping - Fixed
A year ago... Cesar Cerrudo presented a serious vulnerability via evalvation of privilege involving the NetworkService or LocalService account specific to IIS worker process. Although Microsoft addressed this in April last year, but it was more towards...
Posted Tue, Apr 14 2009 by qbernard | with no comments
Filed under: , ,
Top 8 - Web 2.0 Security Threats
Got this from a mailing list - the top 8 security threats in Web 2.0 applications. 1. Insufficient Authentication Controls 2. Cross Site Scripting (XSS) 3. Cross Site Request Forgery (CSRF) 4. Phishing 5. Information Leakage 6. Injection Flaws 7. Information...
Posted Wed, Feb 18 2009 by qbernard | 2 comment(s)
Filed under: ,
IIS Insider - Zzz...
Errr.... 2 yrs ago I told you I wrote the last ever IIS Insider column for MS!!! Chris Adam back then even put up a notice to inform everyone. Believe me, the URL is valid back then.... after MS site reorg, yeah! happen every quarter you know :) so it...
Posted Thu, Jan 22 2009 by qbernard | 2 comment(s)
Filed under: ,
IIS Insider - September 2006 Issue - Repost
IIS Insider: September 2006 By Bernard Cheah, IIS Insider is a monthly column designed to answer your questions on how to troubleshoot and make the most of Microsoft Internet Information Services (IIS). The example companies, organizations, products,...
Posted Wed, Jan 21 2009 by qbernard | with no comments
Filed under: ,
Ping Ping Ping!!!
Yo yo yo.. happy 2009. Oops! 2 weeks late.. wtf Good news - Alive and kicking!!! !@$!#@%#@% Bad news - Freaking busy with work and life It is getting tougher with the current economy climate... is it bottom yet ? or the market still sinking slowly ? No...
Posted Tue, Jan 13 2009 by qbernard | with no comments
Filed under: ,
How to Detect, Identify and Defend against SQL Injection?
SQL Injection has been around for many years :) and you probably get over 3 million results when you googled the term. so why is it so HOT now? Well, not so long ago some folks (don't ask me who!!, go read) were claiming that it was an IIS exploit...
Posted Wed, Jun 25 2008 by qbernard | 2 comment(s)
Filed under: , ,
IIS KBs - May 2008
Well, for last month we got zero new IIS KB articles, yet few are related to IIS in certain way. 941850 When you try to access files on a WebDAV site that uses only Digest authentication, the process may fail on a Windows Vista-based computer 942039 FIX...
Posted Wed, Jun 11 2008 by qbernard | with no comments
Filed under: ,
Improving Web Service Security: WCF
The Microsoft Patterns & Practices team just published a beta copy of Improving Web Service Security for WCF or code name Indigo last week. This is another great playbook from the team that gives us many great guides and practices in using Microsoft...
Posted Wed, Jun 11 2008 by qbernard | with no comments
Filed under: , ,
IIS 7 Shared Hosting Summary
Damn! I love this blog post from Thomas , and you can easily noticed that IIS team has put lot of effort in shared hosting environment, from shared to delegated configuration, and all the way to process model improvements. The dynamicIdleThreshold for...
Posted Wed, May 14 2008 by qbernard | 1 comment(s)
Filed under: , ,
IIS FTP PassivePortRange
Years ago, I wrote the KB on passive port range at MSKB site - How To Configure PassivePortRange In IIS http://support.microsoft.com/?id=555022 Lazy to update the article for IIS 7.0 FTP detail, and I'm not going to add that here :) Coz you can get...
Posted Wed, May 14 2008 by qbernard | with no comments
Filed under: , ,
Security Alerts - April 2008 (Special)
Microsoft revised two security bulletins yesterday. One of which is related to .Net Framework published last year , not major update or new fixes but rather doc updates on changes related to releases of WinXP SP3. On the other hand, in the recent Hack...
Posted Thu, Apr 24 2008 by qbernard | 2 comment(s)
Filed under: ,
IIS KBs - March 2008
948801 If an SMTP connector set the Outbound Security option to "Integrated Windows Authentication," the SMTP connector does not work in the IIS Metabase when you restore an Exchange Server 2003 server by using a Disaster Recovery mode 949455...
Posted Wed, Apr 23 2008 by qbernard | with no comments
Filed under: ,
Security Alerts - April 2008
Oh well, been busy and no time to post this back then. In the routine patch Tuesday this month, Microsoft released 8 security bulletins with 5 of which in critical severity and one specific bulletin is related to IIS in a way. The 08-022 actually replaced...
Posted Wed, Apr 23 2008 by qbernard | with no comments
Filed under: ,
Security Alerts - March 2008 (Special)
Today, Microsoft released a major revision for a vulneribility reported last year on .Net Framework. If you running framework version 1.0, 1.1 and 2.0. Please apply the fix asap. Take note that even you are running 3.0, it is essentially using .Net Framework...
Posted Wed, Mar 26 2008 by qbernard | with no comments
Filed under: ,
IIS 7.0 Administration Pack!
Wow, what can I say? The IIS product team is really spending lot of effort you give you the best experience for IIS 7.0. Today, they released technical preview one for the brand new administration pack! you can take this as UI addon to various configuration...
Posted Fri, Mar 21 2008 by qbernard | 2 comment(s)
Filed under: ,
More Posts Next page »