is a patch that eliminates security vulnerabilities in <A HREF=/Internet/Web_Publishing_Tools/Servers/Review_12471_index.html>Microsoft Internet Information Server (IIS)</A>.
The vulnerabilities allow security restrictions in IIS to be bypassed under certain conditions.
There are two vulnerabilities at issue here.
1) IIS provides the ability to restrict access to a Web site based on the user's domain. However, if IIS cannot resolve a user's IP address to a domain, it will grant the user's first request for a session. It will correctly deny them thereafter.
2) A user who accesses an FTP site via a browser will be able to download files even if they are marked No Access. This vulnerability is due to a regression error that was introduced in hotfixes released after Windows NT 4.0 Service Pack 5; it does not exist in SP5 or in previous versions.
Neither vulnerability provides a means to take control of the server.
Microsoft IIS and quot;Domain Resolution and quot; and and quot;FTP Download and quot; Vulnerabilities Patch runs on
Windows NT/2000/Windows 10/11
and is available under the
Freeware
license
— the installer is 503 KB.
We’ve catalogued it under
Servers.
✓
Verified clean. Every Microsoft IIS and quot;Domain Resolution and quot; and and quot;FTP Download and quot; Vulnerabilities Patch build on SoftLookup is scanned for viruses, spyware, adware, trojans and backdoors. We re-test on every update.
Help fellow users decide. Share your experience with Microsoft IIS and quot;Domain Resolution and quot; and and quot;FTP Download and quot; Vulnerabilities Patch.