July 2006 - Posts
916984 FIX: You experience high memory usage in the W3wp.exe process on a Windows Server 2003-based computer that has Internet Information Services (IIS) 6.0 installed
919073 How to isolate applications that are running on IIS 6.0 in a Web hosting environment
919797 FIX: You may receive an error message when you use a client application to connect to a server that is running IIS 6.0 or when you try to download files from the server
917557 FIX: You may experience slow performance when you use Integrated Windows authentication together with the Kerberos authentication protocol in IIS 6.0
907275 IIS fails to serve ASP pages after you install IIS on Windows Server 2003 Service Pack 1
If you are having issue while apply MS06-034 patch (e.g. repeated AU update offers) , refer this KB for workaround solution. In short, you need to add/remove 'Common Files' IIS component in the Add/Remove Windows Components applet. For W2k3SP1, just resinstall the update package again. (packaged has been updated by MS)
What can I say? Intel is back :)
Image courtesy from Toms Hardware.
I talked about this last month regarding what kind of IIS 7 (full, basic or limited) you will get with various Microsoft Vista edition, yesterday - Microsoft published the actual featureset matrix and component/modules that will be included in each edition. It looks like Pro or the Vista Ultimate edition is where you want to go at least :) with everything exactly like server version except the 10 concurrent requests limit. With premium edition, you are only allow to play with anonymous authentication (built-in), and the basic authentication module. FTP is totally out of the picture as well for this version :) How about NNTP and SMTP ? Ha! good question, but this question should be directed to the Exchange team, as IIS team has no control over it. What I heard is that SMTP will remains but NNTP will be gone. And which edition has SMTP ? I'm guessing it will follows the FTP design, so again - it will be in Ultimate edition only :)
New video @ Channel9 show cases the end-to-end extensibility of IIS 7 from developers perspective. Don't forget watch the rest of the IIS video series here.
Pretty interesting month as we see two IIS related security bulletins. Again, not IIS core engine, both are components thta sit on top of the IIS server. Oh well, you can argue that for the asp.dll, it was part of the IIS built-in component :)
MS06-033: Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS06-033.mspx
Only affecting - .NET Framework 2.0
MS06-034: Vulnerability in Microsoft Internet Information Services using
Active Server Pages Could Allow Remote Code Execution (917537)
Severity: Important
http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx
If you are using ASP for IIS 5.0, 5.1 and 6.0
For complete July security bulletins, refer here.
No webcasts this month :) Chris is take a break!
I've been extremely busy as well.... few projects due soon and traveling again :(