You are currently offline, waiting for your internet to reconnect

MS07-041: Vulnerability in Internet Information Services could allow remote code execution

Microsoft has released security bulletin MS07-041. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Known issue with this security update

Internet Information Services (IIS) 5.1 is an optional component in Microsoft Windows XP Professional Service Pack 2 (SP2). Windows Update offers this security update only if the IIS 5.1 component is installed on the computer.

If you download this security update from the Microsoft Download Center and manually try to install this security update on a Windows XP Professional SP2-based computer that does not have the IIS 5.1 component installed, you receive an error message. This error message indicates that a prerequisite is missing and that the security update will not be installed. This behavior is expected.

You can use the /quiet switch to suppress all messages.

Administrators should use one of the supported methods to verify that the installation is successful when they use the /quiet switch. Administrators should expect to receive error messages in the Kb939373.log file when the IIS 5.1 component is not installed.
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT WinXP

Article ID: 939373 - Last Review: 07/10/2007 18:28:00 - Revision: 1.0

  • Microsoft Windows XP Professional SP2
  • kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbsecbulletin kbpubtypekc kbexpertiseinter KB939373