Microsoft tweaks IIS patch


Microsoft tweaks IIS patch

Bill Brenner, Senior News Writer

Microsoft has tweaked one of the security updates it released last week, after customers reported installation problems.

The issues affected MS06-034

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

, which addressed a remote code execution flaw in Internet Information Services (IIS). Microsoft said in its bulletin that attackers could exploit the vulnerability in its Web server software by constructing a specially crafted Active Server Pages .asp file, potentially allowing remote code execution if the IIS processes the specially crafted file.

Craig Gehre, release manager for the Microsoft Security Response Center, announced the patch fixes in the center's blog Tuesday. He described two minor problems that had to be addressed:

"One issue was that even though you installed the update you could still be getting it reoffered to you via Windows Update, Microsoft Update, Automatic Update, or WSUS (Windows Server Update Services)," he said. "In some cases we were detecting on a file you may not even have on your system."

He said the second issue was that users running Windows Server 2003 SP1 may not have been re-offered the update after a failed install. "If you installed the update while IIS was using the file ASP.dll, the package may appear to install correctly, but it did not," he said.

Both issues have been addressed, but since the second issue might have involved a silent failure, Gehre recommended all Windows 2003 SP1 users rerun detection of the patch on their systems to make sure they are properly updated.