Article

Microsoft tweaks IIS patch

Bill Brenner
Microsoft has tweaked one of the security updates it released last week, after customers reported installation problems.

The issues affected MS06-034

    Requires Free Membership to View

, which addressed a remote code execution flaw in Internet Information Services (IIS). Microsoft said in its bulletin that attackers could exploit the vulnerability in its Web server software by constructing a specially crafted Active Server Pages .asp file, potentially allowing remote code execution if the IIS processes the specially crafted file.

Craig Gehre, release manager for the Microsoft Security Response Center, announced the patch fixes in the center's blog Tuesday. He described two minor problems that had to be addressed:

"One issue was that even though you installed the update you could still be getting it reoffered to you via Windows Update, Microsoft Update, Automatic Update, or WSUS (Windows Server Update Services)," he said. "In some cases we were detecting on a file you may not even have on your system."

He said the second issue was that users running Windows Server 2003 SP1 may not have been re-offered the update after a failed install. "If you installed the update while IIS was using the file ASP.dll, the package may appear to install correctly, but it did not," he said.

Both issues have been addressed, but since the second issue might have involved a silent failure, Gehre recommended all Windows 2003 SP1 users rerun detection of the patch on their systems to make sure they are properly updated.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: