This update resolves the "Internet Information Server Cross-Site Scripting" security vulnerability in Internet Information Server (IIS) 4.0 and IIS 5.0,; and is discussed in Microsoft Security Bulletin MS00-060. Download now to help prevent a malicious user from introducing code on your Web server.
This code could be returned as a Web page (hosted by your server) to any visiting browser. Ultimately, if a malicious user is successful in exploiting this vulnerability, a Web site hosted by your server can be used to run more code, forward information, and read or write cookies on the computer of any visiting user.
Note This update only resolves the vulnerability found in IIS. Microsoft recommends that all customers who are hosting Web sites contact the suppliers of all software programs that are running on their servers, and verify that the vendor has reviewed each software program for CSS vulnerabilities. Static Web pages cannot be exploited by this CSS vulnerability, customers whose Web servers only supply static content do not need to install this update.
For more information on this vulnerability, please read Microsoft Security Bulletin MS00-060 and Microsoft Knowledge Base (KB) Article Q260347. (These sites are in English.)