This update resolves the "Malformed URL can cause Service Failure in IIS 5.0 and Exchange 2000" security vulnerability in Internet Information Server (IIS) 5.0 and Exchange 2000, and is discussed in Microsoft Security Bulletin MS01-014. Download now to prevent a malicious user from causing IIS 5.0 to fail.

This vulnerability exists because IIS 5.0 and Exchange 2000 incorrectly handle URLs that have a specific construction. If a malicious user sends a request to an affected Exchange 2000 server or an affected IIS 5.0 computer using a malformed URL, it can result in a repeating memory allocation error that causes IIS 5.0 to fail. Any Web sessions in progress are lost.

For more information about this issue, read Microsoft Security Bulletin MS01-014. (This site is in English.)

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Select Windows 2000 Hotfix (Pre SP3) [See Q286818 for more information], and then click Change/Remove to uninstall.