Security Updates Are Not Always Your Friends

In July Microsoft released Security Bulletin MS07-040-Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) 

A Security Update for Microsoft.net Framework 2.0 (KB928365) was released for  windows server 2003

this updates System.web.dll

I have found this security update to crash IIS and any asp.net 2.0 web site/web service w3wp.exe to be restarted on every web request.

It looks like this is only a problem when this security patch is automatically installed via windows updates.  Once I uninstalled the security update the crashing issue went away.  When I manually reinstalled the security update and rebooted IIS and ASP.NET continued to function correctly with out error.

 

Also updated was,

 940521 (http://support.microsoft.com/kb/940521/) The behavior of UTF8Encoding, Unicode Encoding, and UTF32Encoding changes to comply to the Unicode 5.0 requirements for Unicode encodings after you install the security update for the .NET Framework 2.0 that is described in security bulletin MS07-040

this seems to affect how ASP.NET generates its web control names.

Comments [0]