On August 25, 2000, Microsoft released the original version of this
bulletin, to advise customers of the availability of a patch that
eliminates a vulnerability in Microsoft(r) Internet Information
Server. However, an additional variant of the vulnerability was
subsequently identified, and on November 2, 2000, the bulletin was
updated to advise customers of the availability of an updated patch.

The scope of the new vulnerability is exactly the same as that of the
originally-reported one. The updated patch eliminates all known
variants of the vulnerability. Customers who applied the original
version of the patch should apply the new version to ensure that they
are fully protected.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-060.asp

Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Server 5.0

Patch Availability
==================
- Internet Information Server 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25534
- Internet Information Server 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25533