MS01-044: IIS 5.0 Security and Post-Windows NT 4.0 SP5 IIS 4.0 Patch Rollup

Article translations Article translations
Article ID: 297860
This article was previously published under Q297860
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

Summary

Microsoft has released a rollup package for Internet Information Services (IIS) 5.0 and Internet Information Server (IIS) 4.0 that includes the functionality from all security patches released to date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT 4.0 Service Pack 5.

This article provides a timeline and the fixes included with each release.

More information

NOTE: These patches do not include fixes for vulnerabilities involving non-IIS products, such as the Front Page Server Extensions and Index Server, even though these products are closely associated with IIS and typically installed on IIS servers. There is, however, one exception for the August 15, 2001 release. The fix for the vulnerability affecting Index Server which is discussed in Microsoft Security Bulletin MS01-033 is included in this patch because of the seriousness of the issue for IIS servers. At the time this article was written, the Microsoft Security Bulletins that discuss these vulnerabilities are as follows:
Microsoft Security Bulletin MS01-043

Microsoft Security Bulletin MS01-025

Microsoft Security Bulletin MS00-084

Microsoft Security Bulletin MS00-006
NOTE: The fixes for the following vulnerabilities that affect IIS 4.0 are not included in the patch because they require administrative action instead of a software change. Administrators should ensure that in addition to applying this patch, they also take the administrative action discussed in the following bulletins:
Microsoft Security Bulletin MS00-028

Microsoft Security Bulletin MS00-025

Microsoft Security Bulletin MS99-025 (which discusses the same issue as Microsoft Security Bulletin MS98-004)

Microsoft Security Bulletin MS99-013

January 30, 2002

Internet Information Services 5.0

To resolve this problem, either obtain the hotfix referenced in this section or Windows 2000 Security Rollup Package 1 (SRP1). For additional information about SRP1, click the article number below to view the article in the Microsoft Knowledge Base:
311401 Windows 2000 Security Rollup Package 1 (SRP1), January 2002

August 15, 2001

For more information on this release, see the following Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms01-044.mspx
NOTE: These patches supersede those provided in the following security bulletins:
Microsoft Security Bulletin MS01-033

Microsoft Security Bulletin MS01-026 (May 14, 2001 release of the IIS security rollup package)

Internet Information Services 5.0

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q301625_W2K_SP3_x86_en.exe now
NOTE: This patch can be installed on systems running Windows 2000 Service Pack 1 or Windows 2000 Service Pack 2. You must reapply the security rollup patch after you install a Windows 2000 Service Pack.

Release Date: August 15, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. In addition to the "superceded patches" listed above, this cumulative package contains the fixes discussed in the following Microsoft Knowledge Base articles:
294774 IIS loads ISAPI Extension In-process Even When Application is Marked for High Isolation
298340 Patch Available for WebDAV Denial of Service
301625 Patch Available for SSI Privilege Elevation Vulnerability
304867 Patch Available for MIME Header Denial of Service Vulnerability

Internet Information Server 4.0

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q301625i.exe now

NOTE: Q301625is.exe contains the Symbols files.
NOTE: This patch can be installed on systems running Windows NT 4.0 Service Pack 5 or Windows NT 4.0 Service Pack 6a. IIS is not intended for use on Windows NT Server 4.0, Terminal Server Edition, and is not supported. Microsoft recommends that customers running IIS 4.0 on Windows NT Server 4.0, Terminal Server Edition, protect their systems by uninstalling IIS 4.0.

Release Date: August 15, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. In addition to the "superceded patches" listed above, this cumulative package contains the fixes discussed in the following Microsoft Knowledge Base article:
301625 Patch Available for SSI Privilege Elevation Vulnerability

May 14, 2001

For more information on this release, see the following Microsoft Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms01-026.asp

Internet Information Services 5.0

To resolve this problem, either obtain the hotfix referenced in this section or the Windows 2000 Post-Service Pack 2 Security Rollup Package 1 (SRP1). For additional information about SRP1, click the article number below to view the article in the Microsoft Knowledge Base:
311401 Windows 2000 Post-Service Pack 2 Security Rollup Package 1 (SRP1), January 2002
The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q293826_W2K_SP3_x86_en.exe now
NOTE: This patch can be installed on systems running Windows 2000 Gold, Windows 2000 Service Pack 1, or Windows 2000 Service Pack 2. You must reapply the security rollup patch after you install a Windows 2000 Service Pack.

Release Date: May 14, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. This cumulative package contains the following fixes:
Microsoft Security Bulletin MS01-023

Microsoft Security Bulletin MS01-016

Microsoft Security Bulletin MS01-014

Microsoft Security Bulletin MS01-004

Microsoft Security Bulletin MS00-100

Microsoft Security Bulletin MS00-086

Microsoft Security Bulletin MS00-080

Microsoft Security Bulletin MS00-078

Microsoft Security Bulletin MS00-060

Microsoft Security Bulletin MS00-058

Microsoft Security Bulletin MS00-057

Microsoft Security Bulletin MS00-044

Microsoft Security Bulletin MS00-031

Microsoft Security Bulletin MS00-030

Microsoft Security Bulletin MS00-023

Microsoft Security Bulletin MS00-019

Internet Information Server 4.0

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q295534i.exe now

NOTE: Q295534is.exe contains the Symbols files.
These fixes are also installed if you apply the Windows NT 4.0 Security Rollup Package (SRP). For additional information on the SRP, click the article number below to view the article in the Microsoft Knowledge Base:
299444 Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)
NOTE: This patch can be installed on systems running Windows NT 4.0 Service Pack 5 or Windows NT 4.0 Service Pack 6a. IIS is not intended for use on Windows NT Server 4.0, Terminal Server Edition, and is not supported. Microsoft recommends that customers running IIS 4.0 on Windows NT Server 4.0, Terminal Server Edition, protect their systems by uninstalling IIS 4.0.

Release Date: May 14, 2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. This cumulative package contains the following fixes:
Microsoft Security Bulletin MS01-004

Microsoft Security Bulletin MS00-100

Microsoft Security Bulletin MS00-086

Microsoft Security Bulletin MS00-080

Microsoft Security Bulletin MS00-078

Microsoft Security Bulletin MS00-063

Microsoft Security Bulletin MS00-060

Microsoft Security Bulletin MS00-057

Microsoft Security Bulletin MS00-044

Microsoft Security Bulletin MS00-031

Microsoft Security Bulletin MS00-030

Microsoft Security Bulletin MS00-023

Microsoft Security Bulletin MS00-019

Microsoft Security Bulletin MS00-018

Microsoft Security Bulletin MS99-061

Microsoft Security Bulletin MS99-058

Microsoft Security Bulletin MS99-053

Microsoft Security Bulletin MS99-039

Microsoft Security Bulletin MS99-029

Microsoft Security Bulletin MS99-022

Microsoft Security Bulletin MS99-019

Microsoft Security Bulletin MS99-003

Properties

Article ID: 297860 - Last Review: November 3, 2013 - Revision: 7.0
Keywords: 
kbnosurvey kbarchive kbgraphxlinkcritical kbinfo kbsecbulletin kbsechack kbsecurity kbsecvulnerability kbwin2000presp3fix KB297860

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com