Security 10808 Published by

Microsoft has released a patch that eliminates a serious security
vulnerability in Microsoft(r) Internet Information Services 5.0. The
vulnerability could enable a malicious user to run operating system
commands on an affected web server.

Microsoft strongly urges all customers using IIS 5.0 to apply the
patch immediately. IIS 4.0 is not affected by the vulnerability.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-086.asp

Affected Software Versions
==========================
- Microsoft Internet Information Service 5.0

Note: IIS 4.0 is not affected by the vulnerability.

Patch Availability
==================
- English:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25547
- Simplified Chinese:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25580
- Traditional Chinese:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25581
- German:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25582
- Japanese:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25583

Note: This patch can be applied atop system running either Windows
2000 Gold or Service Pack 1. It will be included in Windows 2000
Service Pack 2.