General 8065 Published by

Patch Available for "Absent Directory Browser Argument" Vulnerability

Originally Posted: July 14, 2000

Summary
=======
Microsoft has released a patch that eliminates two security
vulnerabilities in Microsoft(r) Internet Information Server. In sum,
the vulnerabilities could allow a malicious user to stop the web
server from providing useful service, or to extract certain types of
information from it.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-044.asp

Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Server 5.0

Patch Availability
==================
- IIS 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22709
- IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22708