Security 10748 Published by

Microsoft has released a patch that eliminates a security vulnerability in a component that ships as part of Microsoft® Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected web server from providing useful service.

Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-100.asp

Affected Software Versions
Microsoft IIS 4.0
Microsoft IIS 5.0

Patch Availability
Microsoft IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26277

Microsoft IIS 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26704

Note: The IIS 5.0 patch can be applied atop system running either Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 2.

Note: The IIS 4.0 patch can be applied atop system running Windows NT 4.0 Service Pack 6a or 5. It will be included in Windows NT 4.0 Service Pack 7.

Note: IIS users who have removed the FPSE are not affected by this vulnerability and do not need to take further action.