Iis
The latest Iis coverage — news, analysis, and updates from the WindowsNews.AI desk.
KB5066835 Breaks Local IIS on Windows 11: Complete Fix Guide
Microsoft's October 2025 cumulative update KB5066835 has triggered widespread reports of broken local IIS installations across Windows 11 systems, disrupting developer workflows and causing...
AWS EC2 Image Builder and Systems Manager automate Windows IIS provisioning, slashing deployment failures
The traditional approach to Windows server provisioning has long been plagued by manual processes, configuration drift, and inconsistent deployments. Ziff Davis's engineering team, in collaboration...
WSUS on Windows Server 2025 Loses Legacy Binaries, ESU Patching for 2012/2012 R2 Halted
Administrators relying on Windows Server Update Services (WSUS) on Windows Server 2025 to deliver Extended Security Updates (ESU) to ancient Windows Server 2012 and 2012 R2 machines got an unwelcome...
Windows HTTP.sys Out-of-Bounds Read Enables Remote DoS — Patch Urgently
A newly referenced vulnerability in the Windows HTTP protocol stack exposes internet-facing servers to remote denial-of-service attacks, forcing administrators to take immediate action even as public...
Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now
Microsoft’s on-premises SharePoint servers are under active attack from a chain of vulnerabilities that grant unauthenticated attackers remote code execution (RCE). The exploit combines an...
IIS on Windows Server: Three Paths to a Hardened Web Host and When to Use Each
When it comes to standing up a web server on Windows, Internet Information Services (IIS) has been the default answer for decades. Yet, despite its deep integration into Windows Server, the role...
ESET Uncovers GhostRedirector: Silent IIS Backdoor Drives SEO Fraud on 65+ Windows Servers
At least 65 internet-facing Windows servers have been quietly conscripted into an SEO fraud network, each one armed with a stealthy backdoor and a malicious IIS module that feeds manipulated content...
GhostRedirector Sneaks Native Backdoors Into IIS to Hijack SEO Rankings
A stealthy campaign that has compromised at least 65 Internet-facing Windows IIS servers worldwide is using a pair of previously unseen native implants to convert legitimate websites into invisible...
ESET Exposes GhostRedirector: China-Aligned Hackers Deploy IIS SEO Fraud and Custom Backdoor on 65 Windows Servers
In June 2025, ESET researchers unearthed a previously unknown threat actor they call GhostRedirector, which had compromised at least 65 Windows servers around the globe. The attackers deployed two...
Microsoft Confirms: TLS 1.3 Will Keep Breaking IIS Express mTLS on Windows 11, No Permanent Fix Planned
Developers relying on IIS Express for local testing with client certificates (mTLS) will continue to face breakage as long as TLS 1.3 remains enabled on Windows 11, Microsoft has confirmed, with no...
Patch Tuesday Deluge: Digest Auth RCE (CVE-2025-21294) Puts IIS Servers at Risk
Administrators running Internet-facing Windows IIS servers must immediately disable Digest Authentication to block a newly discovered remote code execution vulnerability, CVE-2025-21294, confirmed by...
Windows Server 2025 Upgrades Threatened by Lingering IIS and WSUS Misconfigurations
A recent technical report in International Daily News has cast a spotlight on the brittle relationship between three backbone components of the Microsoft server ecosystem—Internet Information...