Microsoft Windows NT Server Home   All Products  |   Support  |   Search  | Home  
  Windows Home Pages  |   Downloads  |   Support  |   Sitemap  |
Enter a search phrase:
Windows NT Server 4.0 | Downloads

Security Update, November 9, 2000

Select your language from the drop-down list below and click Next.


Read Me First

This update resolves the "IIS Cross-Site Scripting" security vulnerability in Internet Information Server (IIS) 4.0. This vulnerability could enable a malicious user to run code on another user's computer, disguised as a third-party Web site. If a malicious user exploits this vulnerability successfully, a Web site hosted by your server can be used to run code, forward information, and read or write cookies on the computer of any visiting user. Download now to prevent a malicious user from introducing code on your Web server and returning that code as a Web page (hosted by your server) to visiting browsers.

Note This update only resolves the vulnerability found in IIS. Microsoft recommends that customers who host Web sites contact the suppliers of the software programs that run on their servers, and verify that the vendor has reviewed each software program for Cross-Site Scripting vulnerabilities. Static Web pages cannot be exploited by this vulnerability; customers whose Web servers only supply static content do not need to install this update.

This vulnerability does not allow a malicious operator to add, change, or delete any content on your Web site.

Any software running on a Web server is vulnerable if it:

  • Solicits input from the user.
  • Uses the input blindly, without performing validity checks.
  • Incorporates user input into a dynamic Web page that is sent to a visiting computer.

For more information on this vulnerability, please read Microsoft Security Bulletin MS00-060.

System Requirements

This update applies to Internet Information Server 4.0.

How to download and install

  1. Select your language from the drop-down list above.
  2. Click Next.
  3. On the following page, click Download Now.
  4. Do one of the following:
    • To start the installation immediately, select Run this Program from its Current Location.
    • To copy the download to your computer for installation at a later time, select Save this Program to Disk.
  5. Click OK.

How to use
Restart your computer to complete the installation.

How to uninstall
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add/Remove Programs.
  3. Select Windows 4.0 Hotfix [See Q275657 for more information] and click Add/Remove to uninstall.

 Last Updated: Wednesday, February 14, 2001
  2001 Microsoft Corporation. All rights reserved. Terms of Use.