Microsoft Security Bulletin MS00-031 announces the availability of a patch that eliminates two vulnerability in Microsoft® Internet Information Server.
What´s the scope of the vulnerabilities?
There are two vulnerabilities here. The first, the "Undelimited .HTR Request" vulnerability, is a denial of service vulnerability that could be used to prevent an affected web server from providing useful service. The second, the "File Fragment Reading via .HTR" vulnerability could allow certain types of files to be read from the server under very unusual conditions.
Neither of these vulnerabilities would allow data to be changed, added or deleted on the server, nor would either allow administrative control over the machine to be usurped. If security recommendations have been followed, many customers will have disabled the functionality affected by the vulnerabilities; customers who have done this are not affected by the vulnerabilities.
Read more
What´s the scope of the vulnerabilities?
There are two vulnerabilities here. The first, the "Undelimited .HTR Request" vulnerability, is a denial of service vulnerability that could be used to prevent an affected web server from providing useful service. The second, the "File Fragment Reading via .HTR" vulnerability could allow certain types of files to be read from the server under very unusual conditions.
Neither of these vulnerabilities would allow data to be changed, added or deleted on the server, nor would either allow administrative control over the machine to be usurped. If security recommendations have been followed, many customers will have disabled the functionality affected by the vulnerabilities; customers who have done this are not affected by the vulnerabilities.
Read more
