COMMAND

    IIS

SYSTEMS AFFECTED

    WinNT

PROBLEM

    Michael Brennen gound following.  He had a 'patch event'  applying
    the re-released malformed header patch.  For more info take a look
    at:

        http://oliver.efri.hr/~crv/security/bugs/NT/iis42.html

    Michael  went  through  the   Microsoft  security  bulletins   and
    carefully checked  the dates  before downloading  and applying the
    patch.  He  did not apply  the first release  of the patch  before
    applying the updated one.  This is  on an NT 4.0 SP5 system.   The
    re-released  patch  itself  caused  a  very  effective  denial  of
    service.   Once  applied,  the  Web  server  would no longer serve
    pages;  the  browser  hung  with  the  message  'Host  www.....com
    contacted; Waiting for reply....".

    He repeated  the procedure,  applying the  patch after  reapplying
    SP5; the DoS repeated  after applying the malformed  header patch.
    Reapplying SP5 repaired the patch.  The event logs did not  report
    anything out of the ordinary.

SOLUTION

    Reapplying SP5 corrected the problem.