Today, Microsoft released patch update for IIS 5.0/5.1/6.0 WebDav encoding issues with "/" character discovered last month , you can get the hotfix here .

Two days ago, a new vulnerability was found in WebDav for IIS, although few have make a big deal out of it, personally I think the impact is 'quite' minimum or at least zero in my environment coz I got no WebDav at all :) LOL... anyway - here is the security advisory from Microsoft. To know more about the vulnerability, you should read this blog post, beside the same basic info you will find over at Microsoft site, it also got a few diagrams to illustrate about the vulnerability and gives

Share you vision about the future you like to see!! http://www.intel.com/tomorrow/ Sponsored by Intel of coz :)

A year ago... Cesar Cerrudo presented a serious vulnerability via evalvation of privilege involving the NetworkService or LocalService account specific to IIS worker process. Although Microsoft addressed this in April last year, but it was more towards workaround to get rid of the actual issue, and today after a long wait, and some serious testings, Microsoft releases a security bulletin update to close this gap, I have yet to test this :) busy again !!! and you should test it out in lab env before

You know what.... for the past many years this very same day - I will get an email from Microsoft telling me that - Congrats, we are pleased to award you... as MVP from 200X to 200X. And each time I double check the source header, go to the award site to make sure that it is not a prank, since you know it is April's Fool today :) Anyway, I got renewed, still hang around iis.net or directaccess newsgroups and been really busy. Hopefully somewhere in Q2 will have more time for newsgroups/forums

Got this from a mailing list - the top 8 security threats in Web 2.0 applications. 1. Insufficient Authentication Controls 2. Cross Site Scripting (XSS) 3. Cross Site Request Forgery (CSRF) 4. Phishing 5. Information Leakage 6. Injection Flaws 7. Information Integrity 8. Insufficient Anti-automation Get the full detail here , what do you think? In my case, #2 and #6 are the two major challenges in my environment.

Errr.... 2 yrs ago I told you I wrote the last ever IIS Insider column for MS!!! Chris Adam back then even put up a notice to inform everyone. Believe me, the URL is valid back then.... after MS site reorg, yeah! happen every quarter you know :) so it got 'integrated' with 'technet', last I heard it was making it way to iis.net, and yet nothing happen since then. The Sep 2006 issue is missing now! the last archive is Aug 2006 Anyway, I felt that one of the Q&A is very useful

IIS Insider: September 2006 By Bernard Cheah, IIS Insider is a monthly column designed to answer your questions on how to troubleshoot and make the most of Microsoft Internet Information Services (IIS). The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real companies, organizations, products, domain names, e-mail addresses, logos, persons, places, or events are intended or should

Yo yo yo.. happy 2009. Oops! 2 weeks late.. wtf Good news - Alive and kicking!!! !@$!#@%#@% Bad news - Freaking busy with work and life It is getting tougher with the current economy climate... is it bottom yet ? or the market still sinking slowly ? No worries, I'm NOOB when it comes to investment, so I'm not directly 'impacted', yet all businesses are not spare, and now - cost saving/cutting/reduction/friendly/inovation/etc are in my daily task lists, everything is about $$$. Hehehe

950573 FIX: Application domains restart unexpectedly in Internet Information Services 7.0 954874 IIS binds to all IP addresses on a server when you install IIS 7.0 on Windows Server 2008 954872 How to create and manage configuration backups in Internet Information Services 7.0 954756 You experience issues when you host a Web application that contains lots of ASP files in IIS 954857 The Windows Process Activation Service and the World Wide Web Publishing Service are set to a Stopped state after you