Microsoft KB Archive/188348

= Specially-Malformed FTP Requests May Create Denial of Service =

Article ID: 188348

Article Last Modified on 9/22/2005

-

APPLIES TO


 * Microsoft Internet Information Server 3.0
 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q188348



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
Specially-malformed FTP requests may create a Denial of Service in the FTP service, which causes Internet Information Server (IIS) to stop responding and generate an Access Violation error message.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:


 * http://www.microsoft.com/windows/servicepacks/ -or-


 * 152734 how to obtain the latest windows nt 4.0 service pack

For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp

IIS 4.0
The IIS 4.0 version of this hotfix must be installed over Windows NT 4.0 SP4. It has been posted to the following Internet location as Ftpls4i.exe (x86) and Ftpls4a.exe (Alpha):

US English:

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/

French:

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/frn/security/ftpls-fix/

IIS 3.0
The IIS 3.0 version of this hotfix must be installed over Windows NT 4.0 SP4. It has been posted to the following Internet location as Ftpls3i.exe (x86) and Ftpls3a.exe (Alpha):

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/



STATUS
Microsoft has confirmed this to be a problem in Internet Information Server versions 3.0 and 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 5.

Additional query words: IIS hotfix hot fix qfe quick engineering patch

Keywords: kbbug kbfix kbqfe kbhotfixserver KB188348

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.