4

When I install Internet Information Server on a Windows machine that is fully patched according to Windows Update, will it be installed as patched right from the start?

I have always wondered if any patching inconsistencies could arise from the fact that all available patches (some of which might affect IIS) are marked as installed, but at the point in time they were installed IIS was not on the system and the files they would have affected were not there.

Tomalak
  • 1,605
  • 4
  • 17
  • 32

1 Answers1

3

No, IIS will be at the level of your installation source. Your system does not download updates it does not think it needs.

maristgeek
  • 314
  • 1
  • 2
  • So you run Windows Update manually immediately after changing the selected active Windows components to pick up any (now) missing patches. – Richard Oct 26 '10 at 11:14
  • @Richard: Does that mean there are no patches that affect IIS and something else, and may be downloaded to patch that "other thing" even though there is no IIS installed? – Tomalak Oct 28 '10 at 11:14
  • 1
    @Tomalak: You will probably have already installed various .NET updates, but no IIS specific updates. – maristgeek Oct 28 '10 at 14:32
  • @Tomalak IME where multiple things (version, system components) each need a patch for a vulnerability, you need to apply multiple patches. I cannot recall any exceptions (which doesn't mean it hasn't happened). E.g. consider recent ASP.NET security patch: some systems here needed three patches to cover all the installed bits. – Richard Oct 29 '10 at 10:30