PHP on IIS: get the latest security updates now
This morning Microsoft has released a security update that addresses the ASP.NET Security Vulnerability. The PHP applications running on IIS are subject to this vulnerability if ASP.NET is enabled in IIS.
IMPORTANT: Even if PHP applications on IIS do not use any of the ASP.NET features the vulnerability still exists as long as ASP.NET is enabled. It is recommended to install the security update as soon as possible.
The security update is available today via the Microsoft Download Center. In a next few days it will also be distributed via Windows Update channels. Once the update is on Windows Update, you can run the Windows Update on your servers to automatically apply the security patch.
If you plan to download the updates directly from Microsoft Download Center then follow the instructions in Scott Guthrie's blog at: