• Information about HeartBleed and IIS

    Posted 9 months ago
    by Erez Benari}

    The Heartbleed vulnerability in OpenSSL (CVE-2014-0160) has received a significant amount of attention recently. While the discovered issue is specific to OpenSSL, many customers are wondering whether this affects Microsoft’s offerings, specifically Windows and IIS.  Microsoft Account and Microsoft Azure, along with most Microsoft Services, were not impacted by the OpenSSL vulnerability. Windows’ implementation of SSL/TLS was also not impacted.

    We also want to assure our customers that default configurations of Windows do not include OpenSSL, and are not impacted by this vulnerability.   Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.

    This applies to all Windows operating systems and IIS versions, up to and including IIS 8.5 running on any of the following operating systems:

    •             Windows Server 2003 and 2003R2
    •             Windows Server 2008
    •             Windows Server 2008R2
    •             Windows Server 2012
    •             Windows Server 2012R2

    Customers running software on Windows that uses OpenSSL instead of SChannel (for example, running the Windows version of Apache), may be vulnerable.  We recommend that all customers who may be vulnerable follow the guidance from their software distribution provider.  For more information and corrective action guidance, please see the information from US Cert here.

  • Top support solutions!

    Posted 10 months ago
    by Erez Benari}

    Having been around for so long, and encompassing so many technologies, information about using IIS and solving problems is more than abundant. The IIS.Net website alone has thousands of article, which can make it challenging to find what you need.

    To make things easier for IIS and other products, Microsoft support has setup a new blog resource called “Top Support Solutions”, which offers a hand-picked selection of links and information about Microsoft’s leading products.

    Wei Zhao from Microsoft support in China has lent his time to collecting such a collection for IIS, and we’re sure you’ll find it useful. You can find it here. In addition, Jim Cheshire from Microsoft support in Las Colinas, Texas, has done a similar job of hand-picking solutions for Azure Web Sites.

    On the main blog page, you can find other collections for 34 additional products, ranging from Windows 8.1 to Unified Access Gateway (UAG).

    We hope these will make your day-to-day experience a healthy one!

    Wei Zhou       Jim Cheshire