Microsoft really trust to IIS 7.0
June 17th, 2007 by Juha-Matti, Filed under: Web, Microsoft, Commentary, Corporate Security
Redmond giant has switched to IIS 7.0 on their Web site. Netcraft report of www.microsoft.com:
IP address: OS:
207.46.19.190 Windows Server 2003
Web Server: Last changed:
IIS/7.0 13-Jun-2007
They don’t care about reports like this:
Web Server Software and Malware
;-)
-
Is your site safe from SQL Injection? Sign up for an Automated Vulnerability Detection Service today!
Subscribe
Subscribe
Actually, there’s a reason to trust. Try to find any remote bug on IIS6. Do not count applications.
If I look I into IIS6 I’ll find a lot, remote and exploitable I bet… But I’m too lazy
http://jean-sebastienguay-leroux.com
You have www.microfot.com in your text instead of www.microsoft.com which your Netcraft link points to.
Thanks, Sunday was not my day…
Fixed! (the clickable Netcraft link worked fine)
IIS itself has proven fairly secure since the Code Red/Nimda fiascos. For IIS 6 (shipped with Windows Server 2003), Microsoft turned off the features that the same worms exploited in a default install. The detractors for IIS include the .NET framework (which has a checkered history) and, as always, the applications running on top of it.
What’s interesting about this development is that Microsoft appears to have moved from IIS 6 on Windows Server 2003 (a production product with a pretty solid security/stability record) to IIS 7 on Windows Server 2007/2008 Beta-ware. That Microsoft would run a Beta OS that is not even to the Release Candidate phase on its high-traffic web sites suggests confidence in the OS.
Such pre-release use is not uncommon for Microsoft server OSes. Microsoft.com was run on a beta of Windows Server 2003 as well, several months prior to the product’s release to manufacturing.