Microsoft Windows NT Server Home   All Products  |   Support  |   Search  |   microsoft.com Home  
Microsoft
  Windows Home Pages  |   Downloads  |   Support  |   Sitemap  |
 
Enter a search phrase:
 
Windows NT Server 4.0 | Downloads

Security Update, September 1, 2000






Read Me First

This update resolves the "Internet Information Server Cross-Site Scripting" security vulnerability in Internet Information Server (IIS) 4.0. Download now to prevent a malicious user from introducing code on your Web server, where that code could be returned as a Web page (hosted by your server) to any visiting browser. Ultimately, if a malicious user is successful in exploiting this vulnerability, a Web site hosted by your server can be used to run more code, forward information, and read or write cookies on the computer of any visiting user.
Note This update only resolves the vulnerability found in IIS. Microsoft recommends that all customers who are hosting Web sites contact the suppliers of all software programs that are running on their servers, and verify that the vendor has reviewed each software program for CSS vulnerabilities. Static Web pages cannot be exploited by this CSS vulnerability, customers whose Web servers only supply static content do not need to install this update.

For more information on this vulnerability, please read Microsoft Security Bulletin MS00-060.

For additional information, please read the Microsoft Knowledge Base (KB) Article Q260347.

Any software running on a Web server could be vulnerable to CSS if it:

  • Solicits input from the user
  • Uses the input blindly, without performing validity checks
  • Incorporates the input into a dynamic Web page that is sent to a computer

System Requirements

This update applies to:

  • Internet Information Server 4.0
  • Internet Information Server 5.0

Note Also available for download is a symbols package for this update. Recommended for system administrators and other advanced users, the symbols package is used for diagnosing Windows NT 4.0 system problems and is not required for proper operation of your computer.

How to download and install
Note Please save your work and close all open programs before installing.

  1. Click x86 Intel Version or Compaq DIGITAL Alpha Version above.
  2. Select your language from the drop down list provided.
  3. Click Next.
  4. Click Download Now.
  5. Follow the instructions on your screen.

Note Some languages also include a symbols package for this update. Recommended for system administrators and other advanced users, the symbols package is used for diagnosing Windows NT 4.0 system problems and is not required for proper operation of your computer.

How to use

Please restart your computer to complete the install.

How to uninstall

  1. Click Start, point to Settings and click Control Panel.
  2. Double-click Add/Remove Programs.
  3. Select Windows 4.0 Hotfix [See Q260347 for more information] and click Add/Remove to uninstall.


 Last Updated: Tuesday, March 27, 2001
  2001 Microsoft Corporation. All rights reserved. Terms of Use.