Microsoft KB Archive/190143

= IIS 4.0 Crashes or IIS 3.0 Generates Corrupted Log Data for HTTPS =

Article ID: 190143

Article Last Modified on 6/5/2006

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q190143



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When HTTPS connections are used, the following may occur:


 * Internet Information Server (IIS) 4.0 may stop responding (crash) when it receives an invalid SSL3 package.
 * IIS 4.0 may stop responding when a browser sends the packages in a certain order.
 * IIS 3.0 may generate a corrupted IIS log for the above situation, such as xxx.xxx.xxx.xxx (IP address), -, 6/30/98, 0:51:42, W3SVC, N004B2I0300, 192.168.129.71, 594, 23, 203, 404, 3, A[ASCII 174]JVh[ASCII 154], U[ASCII 227]#[ASCII 243]LI&u[ASCII 129]_%[ASCII 225][ASCII 129]&[ASCII 215][ASCII 136], -,



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack



STATUS
Microsoft has confirmed this to be a problem in Internet Information Server versions 3.0 and 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.

Additional query words: sp hot fix qfe iissecurity iisgeneral ntsecurity

Keywords: kbbug kbfix kbqfe kbhotfixserver KB190143

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.