This update resolves the "Session ID Cookie Marking" security vulnerability in Internet Information Server (IIS) 4.0 and Internet Information Services (IIS) 5.0. When using .asp files, IIS cannot differentiate between secure and non-secure Session ID cookies (small data files that identify you to a Web site as you move around within that site). This update enables .asp files to mark Session ID cookies as "secure." Download now to prevent a malicious user from connecting to the Web page you are viewing, assuming your identity, and placing orders or viewing your personal information.

Note This update has been revised as of November 20, 2000. Microsoft recommends that you install this version of the update.

For more information about this vulnerability, please read Microsoft Security Bulletin MS00-080. (This site is in English.)

• Internet Information Server 4.0
• Internet Information Services 5.0

1. Click Start, point to Settings and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Select Windows 4.0 Hotfix [See Q274149 for more information] and click Add/Remove.