Security Updates Are Not Always Your Friends

In July Microsoft released Security Bulletin MS07-040-Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) 

A Security Update for Framework 2.0 (KB928365) was released for  windows server 2003

this updates System.web.dll

I have found this security update to crash IIS and any 2.0 web site/web service w3wp.exe to be restarted on every web request.

It looks like this is only a problem when this security patch is automatically installed via windows updates.  Once I uninstalled the security update the crashing issue went away.  When I manually reinstalled the security update and rebooted IIS and ASP.NET continued to function correctly with out error.


Also updated was,

 940521 ( The behavior of UTF8Encoding, Unicode Encoding, and UTF32Encoding changes to comply to the Unicode 5.0 requirements for Unicode encodings after you install the security update for the .NET Framework 2.0 that is described in security bulletin MS07-040

this seems to affect how ASP.NET generates its web control names.

Comments [0]
All comments require the approval of the site owner before being displayed.
(will show your gravatar icon)
Home page

Comment (Some html is allowed: a@href@title, b, blockquote@cite, em, i, strike, strong, sub, super, u) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.  

Enter the code shown (prevents robots):

Live Comment Preview