Microsoft tweaks IIS patch

Some customers ran into trouble while trying to install MS06-034, which addresses a remote code execution flaw in Internet Information Services (IIS).

Microsoft has tweaked one of the security updates it released last week, after customers reported installation problems.

The issues affected MS06-034, which addressed a remote code execution flaw in Internet Information Services (IIS). Microsoft said in its bulletin that attackers could exploit the vulnerability in its Web server software by constructing a specially crafted Active Server Pages .asp file, potentially allowing remote code execution if the IIS processes the specially crafted file.

Craig Gehre, release manager for the Microsoft Security Response Center, announced the patch fixes in the center's blog Tuesday. He described two minor problems that had to be addressed:

"One issue was that even though you installed the update you could still be getting it reoffered to you via Windows Update, Microsoft Update, Automatic Update, or WSUS (Windows Server Update Services)," he said. "In some cases we were detecting on a file you may not even have on your system."

He said the second issue was that users running Windows Server 2003 SP1 may not have been re-offered the update after a failed install. "If you installed the update while IIS was using the file ASP.dll, the package may appear to install correctly, but it did not," he said.

Both issues have been addressed, but since the second issue might have involved a silent failure, Gehre recommended all Windows 2003 SP1 users rerun detection of the patch on their systems to make sure they are properly updated.

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close