Microsoft really trust to IIS 7.0

Redmond giant has switched to IIS 7.0 on their Web site. Netcraft report of www.microsoft.com:

IP address: OS:
207.46.19.190 Windows Server 2003

Web Server: Last changed:
IIS/7.0 13-Jun-2007

They don’t care about reports like this:

Web Server Software and Malware
;-)

Share
  • foo

    Actually, there’s a reason to trust. Try to find any remote bug on IIS6. Do not count applications.

  • http://jean-sebastienguay-leroux.com g463

    If I look I into IIS6 I’ll find a lot, remote and exploitable I bet… But I’m too lazy :)

    http://jean-sebastienguay-leroux.com

  • Jason DePriest

    You have http://www.microfot.com in your text instead of http://www.microsoft.com which your Netcraft link points to.

  • http://networksecurity.typepad.com/ Juha-Matti

    Thanks, Sunday was not my day…
    Fixed! (the clickable Netcraft link worked fine)

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    IIS itself has proven fairly secure since the Code Red/Nimda fiascos. For IIS 6 (shipped with Windows Server 2003), Microsoft turned off the features that the same worms exploited in a default install. The detractors for IIS include the .NET framework (which has a checkered history) and, as always, the applications running on top of it.

    What’s interesting about this development is that Microsoft appears to have moved from IIS 6 on Windows Server 2003 (a production product with a pretty solid security/stability record) to IIS 7 on Windows Server 2007/2008 Beta-ware. That Microsoft would run a Beta OS that is not even to the Release Candidate phase on its high-traffic web sites suggests confidence in the OS.

    Such pre-release use is not uncommon for Microsoft server OSes. Microsoft.com was run on a beta of Windows Server 2003 as well, several months prior to the product’s release to manufacturing.