MS00-057: Patch released for canonicalization error issue
This article was previously published under Q269862

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1

SYMPTOMS
A security patch has been released that resolves a canonicalization error that can allow a malicious user to gain additional permissions to certain types of files that are hosted on a Web server. For this vulnerability to be exploited, several factors are involved:
276489 (http://support.microsoft.com/kb/276489/) Patch available for Web server folder traversal vulnerability
Microsoft Exchange 2000 Server users and Microsoft SharePoint Portal Server 2001 users
Both Exchange 2000 and SharePoint Portal Server 2001 have problems with an older version of this hotfix. A new update for the security patch for these products is available at the following Microsoft Web page:
http://www.microsoft.com/technet/security/bulletin/ms00-086.mspx

RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 (http://support.microsoft.com/kb/260910/) How to obtain the latest Windows 2000 service pack

Internet Information Services 5.0
The following files are available for download from the Microsoft Download Center:

English Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/en-us/q269862_w2k_sp2_x86_en.exe)
Arabic Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/ar/q269862_w2k_sp2_x86_ar.exe)
Chinese (Simplified) Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/cn/q269862_w2k_sp2_x86_cn.exe)
Chinese (Traditional) Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/tw/q269862_w2k_sp2_x86_tw.exe)
Czech Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/cs/q269862_w2k_sp2_x86_cs.exe)
Danish Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/da/q269862_w2k_sp2_x86_da.exe)
Dutch Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/nl/q269862_w2k_sp2_x86_nl.exe)
Finnish Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/fi/q269862_w2k_sp2_x86_fi.exe)
French Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/fr/q269862_w2k_sp2_x86_fr.exe)
German Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/de/q269862_w2k_sp2_x86_de.exe)
Greek Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/el/q269862_w2k_sp2_x86_el.exe)
Hebrew Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/he/q269862_w2k_sp2_x86_he.exe)
Hungarian Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/hu/q269862_w2k_sp2_x86_hu.exe)
Italian Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/it/q269862_w2k_sp2_x86_it.exe)
Japanese Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/ja/q269862_w2k_sp2_x86_ja.exe)
Japanese NEC Language Version (http://download.microsoft.com/download/win2000platform/patchnec/q269862/nt5/ja/q269862_w2k_sp2_nec98_ja.exe)
Korean Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/ko/q269862_w2k_sp2_x86_ko.exe)
Norwegian Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/no/q269862_w2k_sp2_x86_no.exe)
Polish Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/pl/q269862_w2k_sp2_x86_pl.exe)
Portuguese (Brazilian) Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/pt-br/q269862_w2k_sp2_x86_br.exe)
Portuguese Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/pt/q269862_w2k_sp2_x86_pt.exe)
Russian Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/ru/q269862_w2k_sp2_x86_ru.exe)
Spanish Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/es/q269862_w2k_sp2_x86_es.exe)
Swedish Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/sv/q269862_w2k_sp2_x86_sv.exe)
Turkish Language Version (http://download.microsoft.com/download/win2000platform/patch/q269862/nt5/tr/q269862_w2k_sp2_x86_tr.exe)

119591 (http://support.microsoft.com/kb/119591/EN-US/) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The English version of this fix should have the following file attributes or later:

Date        Time    Version        Size     File name
-----------------------------------------------------
08-09-2000  1:02pm  5.0.2195.2103  357,136  W3svc.dll

Internet Information Server 4.0
The following files are available for download from the Microsoft Download Center:

NOTE: Debug symbol files are required by an administrator to do both kernel and user mode debugging, providing a method to resolve global variables and function names in the loaded file. The symbol files are denoted with an "s" in the file name (for example, Prmcan4is.exe).

US English
Intel:
Download Prmcan4i.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4is.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4a.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4as.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)

German
Intel:
Download Prmcan4i.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4is.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4a.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4as.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)

Japanese
Intel:
Download Prmcan4i.exe now (http://www.microsoft.com/Downloads/details.aspx?displaylang=ja&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4is.exe now (http://www.microsoft.com/Downloads/details.aspx?displaylang=ja&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4a.exe now (http://www.microsoft.com/Downloads/details.aspx?displaylang=ja&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4as.exe now (http://www.microsoft.com/Downloads/details.aspx?displaylang=ja&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)

Korean
Intel:
Download Prmcan4i.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=ko&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4is.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=ko&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4a.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=ko&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4as.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=ko&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)

Simplified Chinese
Intel:
Download Prmcan4i.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4is.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4a.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4as.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)

Traditional Chinese
Intel:
Download Prmcan4i.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4is.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4a.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)
Download Prmcan4as.exe now (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=344BFA19-F565-410E-8A9A-8BCBF3AAAABD)

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 (http://support.microsoft.com/kb/119591/EN-US/) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
The English version of this fix should have the following file attributes or later:

Date        Time    Size     File name     Platform
---------------------------------------------------
08/03/2000  05:06p  330,080  Asp.dll       Intel
08/03/2000  05:04p  185,792  Infocomm.dll  Intel
08/03/2000  05:05p   38,256  Ssinc.dll     Intel
08/03/2000  05:05p   25,360  Sspifilt.dll  Intel
08/03/2000  05:05p  228,496  W3svc.dll     Intel
08/03/2000  05:08p  551,696  Asp.dll       Alpha
08/03/2000  05:06p  304,912  Infocomm.dll  Alpha
08/03/2000  05:07p   60,176  Ssinc.dll     Alpha
08/03/2000  05:07p   39,696  Sspifilt.dll  Alpha
08/03/2000  05:07p  384,272  W3svc.dll     Alpha

Microsoft Windows NT Server version 4.0, Terminal Server Edition
To resolve this problem, obtain the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP). For more information about the SRP, click the following article number to view the article in the Microsoft Knowledge Base:
317636 (http://support.microsoft.com/kb/317636/) Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package

STATUS
Microsoft has confirmed that this is a problem in Internet Information Services 5.0 and Internet Information Server 4.0.

MORE INFORMATION
Additional information about this issue is available from the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS00-057.mspx
You can find frequently asked questions about this vulnerability at the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/fq00-057.mspx
