Chunked Encoding Post Vulnerability in IIS 4.0
Microsoft issued Security Bulletin MS00-018, which outlines the new Chunked Encoding Post vulnerability in IIS 4.0. This vulnerability lets a malicious user perform a Denial of Service (DoS) attack against a Web server. The attack exploits buffered memory for PUT and power-on self test (POST) operations by absorbing memory allocated to the Web server. The attack can eventually prevent the Web server from performing normally. For more information about this vulnerability and a patch, go to http://www.microsoft.com/technet/security/bulletin/ms00-018.asp.
Microsoft Releases Registry Security Tool
Earlier this month, Microsoft released a Registry tool designed to tighten permissions on Windows NT 4.0 Registries in order to eliminate potential vulnerabilities. For more information, see Microsoft Security Bulletin (MS00-008).