COMMAND

    IIS

SYSTEMS AFFECTED

    Microsoft Internet Information Server 4.0

PROBLEM

    The following is based on Microsoft Security Bulletin MS00-063.  If
    an affected web server received a particular type of invalid URL,
    it could, under certain conditions, start a chain of events that
    would culminate in an invalid memory request causing the IIS
    service to fail.  This would prevent the server from providing
    web services.

    This vulnerability does not provide the opportunity to  compromise
    any data on the server  or to usurp any administrative  privileges
    on the server.  An affected machine could be put back into service
    by restarting the IIS service.

    Although the effect of the vulnerability manifests itself through
    IIS, the underlying problem actually lies within Windows NT 4.0.
    Microsoft engineers worked extensively to identify scenarios for
    exploiting the vulnerability directly through Windows NT 4.0, but
    did not find any - the only scenarios identified to date involve
    IIS.

    Microsoft thanks Peter Grundl of VIGILANTe for reporting this issue
    to them.  He added the following.

    A certain series of  requests can cause INETINFO.EXE  to gradually
    consume all system resources (99-100% CPU and all memory).    When
    the pagefile can't expand  any further, INETINFO.EXE is  killed by
    the operating system, with possibly a dialogue box on your  screen
    stating that the system is running low on virtual memory.   During
    testing it was found that usually you wouldn't even see this  box.
    It requires a restart of the www service for IIS to start  working
    again.  Initially we believed this  to be a problem with IIS,  but
    Microsoft has pointed  out that this  is a problem  within Windows
    NT  4.0  (which  might  explain  why  we  couldn't reproduce it on
    Internet Information  Server 5.0).   For this  reason, you  should
    probably   consider   applying   the   patch   on  any  production
    environments, running on Windows NT 4.0.
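    The report above describes two distinct states an affected server
    passes through: INETINFO.EXE still present but starved (the port
    accepts connections, nothing is answered) and INETINFO.EXE killed
    (connections are refused until the www service is restarted).  The
    probe below is an added example, not code from Microsoft, VIGILANTe
    or the bulletin; it sends one well-formed HTTP/1.0 request and
    classifies the result as up, hung or down so a monitoring job can
    tell "restart the www service" apart from "still answering".  The
    host, port, timeout and restart threshold are assumptions, and
    run_demo() stands up three constructed local listeners in place of
    a real IIS 4.0 host so the whole thing runs offline.

```python
"""Availability probe sized to the MS00-063 failure mode: the web service
either stops answering (process starved) or disappears (process killed)."""
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def probe_http(host, port, path="/", timeout=3.0):
    """Send one well-formed HTTP/1.0 GET and classify what comes back.

    'up'   : a status line arrived
    'hung' : the port accepts a connection but nothing is answered in time
             (the process is still there but starved, e.g. at 99-100% CPU)
    'down' : the connection is refused or closed without a reply
             (the process is gone and the www service must be restarted)
    """
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    started = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(request)
            head = sock.recv(512)
    except ConnectionRefusedError:
        return {"state": "down", "reason": "connection refused",
                "elapsed": time.monotonic() - started}
    except (socket.timeout, TimeoutError):
        return {"state": "hung", "reason": f"no reply within {timeout}s",
                "elapsed": time.monotonic() - started}
    except OSError as exc:
        return {"state": "down", "reason": str(exc),
                "elapsed": time.monotonic() - started}
    elapsed = time.monotonic() - started
    if not head:
        return {"state": "down", "reason": "closed without reply", "elapsed": elapsed}
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    return {"state": "up", "reason": status_line, "elapsed": elapsed}


def needs_restart(history, threshold=3):
    """True when the last `threshold` probe states are all non-'up'.

    The threshold is an assumed value; it avoids restarting on a single
    slow reply while still catching a service that has stopped answering.
    """
    recent = list(history)[-threshold:]
    return len(recent) == threshold and all(state != "up" for state in recent)


class _OkHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a healthy web server (answers 200 to GET)."""

    def do_GET(self):
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def run_demo():
    """Exercise the probe against three constructed local listeners."""
    results = {}

    # 1. Healthy: a real HTTP server on an ephemeral port.
    healthy = ThreadingHTTPServer(("127.0.0.1", 0), _OkHandler)
    threading.Thread(target=healthy.serve_forever, daemon=True).start()
    results["healthy"] = probe_http("127.0.0.1", healthy.server_address[1],
                                    timeout=2.0)["state"]
    healthy.shutdown()
    healthy.server_close()

    # 2. Starved: a socket that completes the TCP handshake but never replies,
    #    the observable behaviour of a process pinned at 100% CPU.
    starved = socket.socket()
    starved.bind(("127.0.0.1", 0))
    starved.listen(1)
    port = starved.getsockname()[1]
    results["starved"] = probe_http("127.0.0.1", port, timeout=0.5)["state"]
    starved.close()

    # 3. Killed: nothing listens on that port any more, so connect is refused.
    results["killed"] = probe_http("127.0.0.1", port, timeout=0.5)["state"]
    return results


if __name__ == "__main__":
    print(run_demo())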

SOLUTION

    Patch availability:

        - Microsoft Windows NT 4.0 Workstation, Server and Server, Enterprise Edition:
          http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24079
        - Microsoft Windows NT 4.0 Server, Terminal Server Edition:
          To be released shortly

    This is (eventually) a post-SP6a fix.  Note that it works with SP5,
    but on SP4 it will stop your machine.