Malformed "GET" URLs Can Crash IIS
Malformed URLs consisting of the GET statement and other erroneous data can cause the IIS service to consume all available resources and render the service unresponsive.
Information about the problem resides in Knowledge Base article Q192296, "IIS: Patch Available for IIS "GET" Vulnerability."
Microsoft has released the following hot fixes:
IIS 3.0 on Intel platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget3i.exe
IIS 3.0 on Alpha platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget3a.exe
IIS 4.0 on Intel platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4i.exe
IIS 4.0 on Alpha platforms: ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4a.exe
To learn more about NT Security concerns, subscribe to NTSDCredits
- Originally reported by Eugene and Brian via Microsoft
- Posted on The NT Shop on December 21, 1998