This update resolves the "Web Server File Request Parsing" security vulnerability in Internet Information Server (IIS) 4.0 and Internet Information Services (IIS) 5.0. When a Web server that is running IIS receives a request for a file, it passes the name of the file to the operating system for processing. If a malicious user combines a request for a .cmd or .bat file with operating system commands in a particular way, IIS improperly passes both the file request and the commands to the operating system. This could allow the malicious user to run commands directly on the Web server. Download now to prevent a malicious user from modifying Web pages, adding, changing, or deleting files by sending malformed file requests.

For more information about this vulnerability, please read Microsoft Security Bulletin MS00-086. (This site is in English.)

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Select Whistler Beta Hotfix [See Q277873 for more information] and click Change/Remove to uninstall.