Microsoft really trust to IIS 7.0

Redmond giant has switched to IIS 7.0 on their Web site. Netcraft report of

IP address: OS: Windows Server 2003

Web Server: Last changed:
IIS/7.0 13-Jun-2007

They don’t care about reports like this:

Web Server Software and Malware

  • foo

    Actually, there’s a reason to trust. Try to find any remote bug on IIS6. Do not count applications.

  • g463

    If I look I into IIS6 I’ll find a lot, remote and exploitable I bet… But I’m too lazy :)

  • Jason DePriest

    You have in your text instead of which your Netcraft link points to.

  • Juha-Matti

    Thanks, Sunday was not my day…
    Fixed! (the clickable Netcraft link worked fine)

  • Matthew Murphy

    IIS itself has proven fairly secure since the Code Red/Nimda fiascos. For IIS 6 (shipped with Windows Server 2003), Microsoft turned off the features that the same worms exploited in a default install. The detractors for IIS include the .NET framework (which has a checkered history) and, as always, the applications running on top of it.

    What’s interesting about this development is that Microsoft appears to have moved from IIS 6 on Windows Server 2003 (a production product with a pretty solid security/stability record) to IIS 7 on Windows Server 2007/2008 Beta-ware. That Microsoft would run a Beta OS that is not even to the Release Candidate phase on its high-traffic web sites suggests confidence in the OS.

    Such pre-release use is not uncommon for Microsoft server OSes. was run on a beta of Windows Server 2003 as well, several months prior to the product’s release to manufacturing.