Invalid URL Vulnerability; IIS 5.0 Security Checklist
Learn about a new patch that covers the Invalid URL vulnerability in IIS 4.0, and discover Microsoft's new security checklist for IIS 5.0.
September 12, 2000
Patch For IIS 4.0 Invalid URL Vulnerability
Microsoft introduced a patch that covers an IIS 4.0 vulnerability that lets a malicious IIS user submit a URL containing invalid characters to the Web server. This submission, combined with certain events, causes the service to stop and creates a Denial of Service (DoS) condition. For more information, including a patch, go to Microsoft's TechNet Web site [http://www.microsoft.com/technet/security/bulletin/ms00-063.asp].
New IIS 5.0 Security Checklist Available
Microsoft recently released a new checklist that lets Web server administrators help secure a server running IIS 5.0. This checklist is similar to the popular IIS 4.0 checklist, although security policies simplify many registry settings. You can find the new checklist at Microsoft's TechNet Web site.
About the Author
You May Also Like