Patch For IIS 4.0 Invalid URL Vulnerability
Microsoft introduced a patch that covers an IIS 4.0 vulnerability that lets a malicious IIS user submit a URL containing invalid characters to the Web server. This submission, combined with certain events, causes the service to stop and creates a Denial of Service (DoS) condition. For more information, including a patch, go to Microsoft's TechNet Web site \[http://www.microsoft.com/technet/security/bulletin/ms00-063.asp\].
New IIS 5.0 Security Checklist Available
Microsoft recently released a new checklist that lets Web server administrators help secure a server running IIS 5.0. This checklist is similar to the popular IIS 4.0 checklist, although security policies simplify many registry settings. You can find the new checklist at Microsoft's TechNet Web site.