Select your language from the drop-down list below and
Read Me First
This update resolves the "IIS Cross-Site Scripting"
security vulnerability in Internet Information Server (IIS)
4.0. This vulnerability could enable a malicious user to run
code on another user's computer, disguised as a third-party
Web site. If a malicious user exploits this vulnerability
successfully, a Web site hosted by your server can be used to
run code, forward information, and read or write cookies on
the computer of any visiting user. Download now to prevent a
malicious user from introducing code on your Web server and
returning that code as a Web page (hosted by your server) to
Note This update only resolves the vulnerability
found in IIS. Microsoft recommends that customers who host Web
sites contact the suppliers of the software programs that run
on their servers, and verify that the vendor has reviewed each
software program for Cross-Site Scripting vulnerabilities.
Static Web pages cannot be exploited by this vulnerability;
customers whose Web servers only supply static content do not
need to install this update.
This vulnerability does not allow a malicious operator to
add, change, or delete any content on your Web site.
Any software running on a Web server is vulnerable if it:
- Solicits input from the user.
- Uses the input blindly, without performing validity
- Incorporates user input into a dynamic Web page that is
sent to a visiting computer.
For more information on this vulnerability, please read
Microsoft Security Bulletin MS00-060.
This update applies to Internet Information Server 4.0.
How to download and install
- Select your language from the drop-down list above.
- Click Next.
- On the following page, click Download Now.
- Do one of the following:
- To start the installation immediately, select Run
this Program from its Current Location.
- To copy the download to your computer for installation
at a later time, select Save this Program to Disk.
- Click OK.
computer to complete the installation.
- Click Start, point to Settings, and then
click Control Panel.
- Double-click Add/Remove Programs.
- Select Windows 4.0 Hotfix [See Q275657 for more
information] and click Add/Remove to uninstall.