This update resolves the "Web Server File Request Parsing" security vulnerability in Internet Information Server (IIS) 4.0 and Internet Information Services (IIS) 5.0. When a Web server that is running IIS receives a request for a file, it passes the name of the file to the operating system for processing. If a malicious user combines a request for a .cmd or .bat file with operating system commands in a particular way, IIS improperly passes both the file request and the commands to the operating system. This could allow the malicious user to run commands directly on the Web server. Download now to prevent a malicious user from modifying Web pages, adding, changing, or deleting files by sending malformed file requests.
Note This update has been revised as of November 20, 2000. Microsoft recommends that you install this version of the update.
For more information about this vulnerability, please read Microsoft Security Bulletin MS00-086. (This site is in English.)