General 8066 Published by

Patch Available for "Specialized Header" Vulnerability
Originally posted: August 14, 2000

Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in Internet Information Server that ships with
Microsoft(r) Windows 2000. Under certain conditions, the
vulnerability could cause a web server to send the source code of
certain types of web files to a visiting user.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-058.asp

Affected Software Versions
==========================
- Microsoft Internet Information Server 5.0

Patch Availability
==================
- http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23769

Note: This vulnerability is eliminated by installing Windows 2000
Service Pack 1
http://www.microsoft.com/windows2000/downloads/recommended/sp1/
We recommend that customers apply SP1 as the preferred option for
eliminating this vulnerability, as it has been fully regression
tested and includes fixes for additional issues.