Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Internet Information Server. The
vulnerability could allow a malicious user to "hijack" another user´s
secure web session, under a very restricted set of circumstances.
Frequently asked questions regarding this vulnerability
and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-080.asp
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
Patch Availability
==================
- IIS 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25233
- IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25232
vulnerability in Microsoft(r) Internet Information Server. The
vulnerability could allow a malicious user to "hijack" another user´s
secure web session, under a very restricted set of circumstances.
Frequently asked questions regarding this vulnerability
and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-080.asp
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
Patch Availability
==================
- IIS 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25233
- IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25232