Microsoft recently released a cumulative patch for its Internet Information Services Web server software, which is available on Microsoft Windows XP, 2000, and NT 4.0 operating systems. The patch is cumulative in that it includes the functionality of all security patches released for Microsoft IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 and 5.1.
Additionally, the patch includes fixes for ten newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and/or 5.1, the most serious of which could enable code of an attacker’s choice to be run on a server. (Note: Beta versions of .NET Server after Build 3605 contain fixes for all of the vulnerabilities affecting IIS 6.0.)
Microsoft recently released a cumulative patch for its Internet Information Services Web server software. The patch includes the functionality of all security patches released for Microsoft IIS 4.0 since Windows NT 4.0 SP-6a, and all patches released to date for IIS 5.0 and 5.1, as well as fixes for ten newly discovered security vulnerabilities.
Microsoft has issued a critical severity rating for the patch and highly recommends that customers using any of the affected products install the patch immediately. In fact, there have been reports of Microsoft managers issuing internal e-mails demanding all staff install the patch or be blocked from accessing the Internet (even when IIS is not enabled).
Below is a listing and download link for the IIS security patch courtesy of our partner site, CWSApps.
Additional information on the IIS Security Patch (and download links) can be found at:
Microsoft IIS Security Patches
|The latest security vulnerability patches for Microsoft IIS
|“Cumulative Patch for Internet Information Services” Patch (4/10/02)
|Windows XP, Windows NT/2000
|Free update patches for Microsoft Internet Information Services
|Microsoft Corporation – Microsoft Current Security Bulletins