Tag

Security

21 posts tagged with this.

  1. Official Blog
    · 1 min read

    Mitigating Recent .NET Deserialization Risks in Production

    A recent advisory warns of unsafe object deserialization paths in ASP.NET Core workloads. Production sites on Windows Server and IIS must apply targeted configuration and code changes to reduce exposure.

  2. Official Blog
    · 1 min read

    PowerShell IIS Hardening on Windows Server 2025

    Windows Server 2025 ships with updated IIS defaults that reduce attack surface for .NET sites. This guide shows the exact PowerShell commands administrators use to apply and verify those settings in production.

  3. Official Blog
    · 2 min read

    Addressing the Recent Kestrel Header Parsing Advisory

    A Microsoft advisory details a denial-of-service risk in Kestrel's HTTP/2 header handling affecting ASP.NET Core production sites. Learn the scope of impact and the concrete configuration and patching steps required to close the exposure.

  4. Official Blog
    · 1 min read

    PowerShell IIS Management with Active Directory on Windows Server 2025

    PowerShell cmdlets now provide tighter integration with Active Directory for IIS site and application pool management on Windows Server 2025. Administrators can enforce consistent authentication and permission models without relying on the IIS Manager GUI.

  5. Official Blog
    · 1 min read

    Mitigating Recent Kestrel Request Handling Issues

    A recent Microsoft advisory highlights risks in Kestrel's HTTP request processing for ASP.NET Core applications. Production sites must apply configuration changes and update to current .NET releases to prevent potential request smuggling and denial of service.

  6. Official Blog
    · 1 min read

    PowerShell Hardening for IIS on Windows Server 2025

    Windows Server 2025 ships with updated IIS defaults that still require targeted configuration for production .NET workloads. This post shows the exact PowerShell commands system administrators use to lock down sites, enforce TLS, and integrate with Active Directory.

  7. Official Blog
    · 1 min read

    Mitigating Recent ASP.NET Core Auth Header Risks

    A recent advisory details flaws in how ASP.NET Core applications process authentication headers under specific load conditions. Production sites must apply updates and tighten configuration to prevent bypasses.

  8. Official Blog
    · 1 min read

    Mitigating Recent .NET Request Smuggling Risks

    A recent advisory highlights HTTP/2 request smuggling flaws affecting ASP.NET Core applications on IIS. Production sites must apply updates and adjust server configuration to prevent request manipulation and unauthorized access.

  9. Official Blog
    · 1 min read

    Mitigating Recent ASP.NET Core Header Parsing Risks

    A recent Microsoft security advisory highlights risks in ASP.NET Core header handling that can lead to authentication bypass on production sites. Learn who is affected and the exact configuration changes required to close the exposure.

  10. Official Blog
    · 1 min read

    Mitigating the 2026 ASP.NET Core Deserialization Advisory

    A deserialization flaw disclosed in March 2026 affects ASP.NET Core applications running on .NET 9 and earlier. Production sites must update to the current LTS release and tighten serialization settings to prevent remote code execution.

  11. Official Blog
    · 1 min read

    PowerShell Automation for IIS on Windows Server 2025

    System administrators running Windows Server 2025 can use PowerShell to automate IIS site provisioning and Active Directory authentication setup. These scripts reduce configuration drift and enforce consistent security policies across hosted .NET applications.

  12. Official Blog
    · 1 min read

    Mitigating CVE-2023-38180 in ASP.NET Core Kestrel

    ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.

  13. Official Blog
    · 2 min read

    Automating IIS with PowerShell on Windows Server 2022

    PowerShell scripts offer a consistent method for configuring IIS on Windows Server 2022. This reduces configuration drift and allows administrators to apply security and performance settings reliably across all web servers.

  14. Official Blog
    · 2 min read

    Mitigating CVE-2023-44487: HTTP/2 Rapid Reset in .NET Apps

    CVE-2023-44487 exposes HTTP/2 servers to a high-amplification denial-of-service attack known as Rapid Reset. Learn exactly how it impacts ASP.NET Core applications on Kestrel and IIS, plus the updates, Kestrel configuration, and monitoring practices needed to keep your production sites online.

  15. Official Blog
    · 4 min read

    Automating IIS with PowerShell on Windows Server 2022

    Automate IIS configuration on Windows Server 2022 with PowerShell for consistent, repeatable deployments. This guide details server preparation, isolated app pool creation with AD accounts, automated site provisioning with HTTPS, security hardening, and config locking. Scripts eliminate drift, reduc