Read Me First
This update resolves two security vulnerabilities in
Internet Information Server (IIS) 4.0, the "Absent Directory
Browser Argument" vulnerability and the "File Fragment Reading
via .HTR" vulnerability. Installing this update will prevent a
malicious user from exploiting these vulnerabilities to slow
performance on an affected Web server or, under very specific
conditions, obtain the source code of certain types of files
on a Web server. The referenced .HTR files are scripts that
Windows NT® users can employ to change passwords, and that
administrators can use to perform a variety of password
administration functions. Neither of these vulnerabilities
allows data to be changed, added, or deleted on the server,
nor do they allow administrative control over the affected
For more information on this vulnerability, please visit
Microsoft Security Bulletin MS00-044.
Note This update also resolves the vulnerabilities
addressed in Microsoft Security Bulletin MS00-031.
How to download and install
save your work and close all open programs before installing.
Note If a Compaq DIGITAL Alpha download is not
available on this page, it can be requested from Product
Support Services. Please see the Microsoft Knowledge Base (KB)
- Click the x86 (Intel) or Compaq DIGITAL Alpha
link above to download the version of the update that
applies to your computer.
- Select your language from the drop-down list provided on
the following page and click Next.
- On the last page, click Download Now and follow
the instructions on your screen.
Note Some languages also include a symbols package
for this update. Recommended for system administrators and
other advanced users, the symbols package is used for
diagnosing Windows NT 4.0 system problems and is not required
for proper operation of your computer.
How to use
Restart your computer to complete the
How to uninstall
- Click Start, point to Settings and click
- Double-click Add/Remove Programs.
- Select Windows 4.0 Hotfix [See q267559 for more
information] and click Add/Remove to uninstall.