Sep 03, 2009
It’s been a busy few days on the IIS Security Team. Earlier this week, a vulnerability was found in the IIS FTP server. We have been working with security teams across Microsoft to research the issue and formulate a response to best protect our customers...
6 comments
Apr 13, 2009
We've had a few people on our forums asking about running Perl on IIS 7. This led to some discussion on the team about getting it to work with FastCGI. The team has been doing a lot of great work with the Web Platform Installer and Windows Web App Gallery...
5 comments
Dec 18, 2008
2008 has been a busy year for attackers exploiting SQL Injection vulnerabilities in web applications. Once again, I am finding questions about this subject in my inbox. Earlier today, I found myself reviewing the material that's been published by Microsoft...
5 comments
Dec 18, 2008
This article is specific to IIS 6 and earlier. If you are using IIS 7.0 or later, please see this article . The IIS team has created an add-on tool for IIS called UrlScan that is able to filter HTTP requests. If a request is found to have contents deemed...
4 comments
Dec 18, 2008
This article is specific to IIS 7 and later. If you are using IIS 6.0 or earlier, please see this article . Starting with version 7.0, IIS has a built-in feature that is able to filter HTTP requests. If a request is found to have contents deemed unacceptable...
8 comments
Oct 31, 2008
Earlier this year, it came to our attention that our customers were being subjected to a SQL Injection attack . In response to that, we updated the venerable UrlScan filter and released version 3.0 with new features that provide tools to provide some...
11 comments
Jun 24, 2008
The IIS team has some street smarts when it comes to security. We learned quite a few lessons the hard way back in 2001 with the outbreak of the CodeRed worm. One of the lesser known facts about the Code Red worm is that the vulnerability it exploited...
37 comments
Mar 02, 2007
So here it is, my first ever blog post. I am not new to posting about IIS on the internet. A quick newsgroup search reminds me that I've posted to around 900 threads related to IIS. The first time was on June 10, 1997, where I helped someone to get "server...
13 comments
Tags: IIS News Item