Date: 30 October 2002
Software: Internet Information Service (IIS)
Impact: Four vulnerabilities, the most serious of which could enable applications on a server to gain system-level privileges.
Max Risk: Moderate
This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 and 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch". Before applying the patch, system administrators should take note of the caveats discussed in the same section.
Download: Cumulative patch for IIS 4.0
Download: Cumulative Patch for IIS 5.0
Download: Cumulative Patch for IIS 5.1 32-bit
Download: Cumulative Patch for IIS 5.1 64-bit