Microsoft has released a critical update patch that fixes 10 newly discovered security problems with IIS Web servers running on Windows XP, Windows 2000, and Windows NT 4.0. The company recommends that all users of these products immediately download and install the patch, which affects Internet Information Server (IIS) 4.0 and Internet Information Services (IIS) 5.0 and 5.1. The massive security patch comes just days after Microsoft released its Baseline Security Advisor, which scans Windows systems for security problems in the underlying OS and in IIS and Microsoft SQL Server.
"If you are operating a Web site, a recently identified security vulnerability could allow an attacker to take over your computer," a Microsoft release reads. "The attacker could then do anything that you can do, such as change Web pages, install and run software, or reformat the hard drive. Even rarely visited Web sites could be attacked via a virus or worm."
XP users will automatically receive the patch through that OS's Automatic Update feature. Win2K users can download the patch from Windows Update. NT 4.0 users can manually download the patch from Microsoft Web site.