SPI Labs and NSFocus have discovered multiple holes in IIS. Two denial-of-service
conditions exist that can allow an attacker to cause IIS to stop responding. One
cross-site scripting issue exists in the 302 redirection pages, and one buffer
overflow allows command execution as the web server user. The buffer overflow
requires the user to have upload ability and Server Side Include permissions.
Fix:
To apply this patch, run Windows Update and install patch "Q811114".