Microsoft Security Bulletin MS00-060
Patch Available for 'IIS Cross-Site Scripting' Vulnerabilities
Originally posted: August 25, 2000
Updated: May 18, 2003
On August 25, 2000, Microsoft released the original version of this bulletin, to advise customers of the availability of a patch that eliminates a vulnerability in Microsoft® Internet Information Server. However, an additional variant of the vulnerability was subsequently identified, and on November 2, 2000, the bulletin was updated to advise customers of the availability of an updated patch.
The scope of the new vulnerability is exactly the same as that of the originally-reported one. The updated patch eliminates all known variants of the vulnerability. Customers who applied the original version of the patch should apply the new version to ensure that they are fully protected.
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Server 5.0
Support: This is a fully supported patch. Information on contacting Microsoft Product Support Services is available at http://support.microsoft.com/contactussupport/?ws=support.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- August 25, 2000: Bulletin Created.
- November 2, 2000: Bulletin updated to announce availability of a patch to eliminate a new variant of this issue.
- V2.0 (May 18, 2003): Introduced versioning and updated links to information on Cross-Site Scripting and Knowledge Base articles.