FP2000: MS00-100: Patch for Malformed Web Form Submission Security Vulnerability

Article ID: 280322
Last Review: April 23, 2003
Revision: 1.0

This article was previously published under Q280322

SYMPTOMS

Microsoft has released a patch that eliminates a security vulnerability in a component that is included with Microsoft Internet Information Server (IIS). The vulnerability could potentially allow an attacker to prevent an affected Web server from providing useful service.

The FrontPage Server Extensions are included with and installed by default as part of IIS 4.0 and 5.0. The most familiar functions of FrontPage Server Extensions allow Web site and content management; however, FrontPage Server Extensions also provide browse-time support functions. Included in the latter category are functions that help process Web forms that users submit. A vulnerability exists in one of these functions. If a malicious user sent a specially malformed form submission to an affected server, this would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FrontPage Server Extensions administrative or content management functions.

To resume normal operation on an IIS 4.0 server, the operator must restart the service. In contrast, if an IIS 5.0 server was attacked via this vulnerability, the IIS service would, by default, automatically restart almost immediately. Although any Web sessions that were in progress at the time of the attack would be lost, the server would be able to accept new connections as soon as the service was restarted.

NOTE: In keeping with best practices, Microsoft recommends that the FrontPage Server Extensions be turned off if not needed.

RESOLUTION

Microsoft Windows 2000

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 (http://support.microsoft.com/kb/260910/EN-US/) How to Obtain the Latest Windows 2000 Service Pack

The following file is available for download from the Microsoft Download Center:

Download Q280322_w2k_sp2_x86_en.exe now (http://www.microsoft.com/downloads/release.asp?releaseid=26277)

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 (http://support.microsoft.com/kb/119591/EN-US/) How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

   Date         Time       Version      Size      File name
   -----------------------------------------------------
   11/10/2000   10:21 pm   4.0.2.4701   593,976   Fp4autl.dll

Microsoft Windows NT 4.0

To resolve this problem, obtain the individual package referenced below or obtain the Windows NT 4.0 Security Rollup Package.

For additional information on the SRP, click the article number below to view the article in the Microsoft Knowledge Base:

299444 (http://support.microsoft.com/kb/299444/EN-US/) Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

The following file is available for download from the Microsoft Download Center:

Download Q280322i.exe now (http://www.microsoft.com/downloads/release.asp?releaseid=26704)

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 (http://support.microsoft.com/kb/119591/EN-US/) How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

   Date         Time       Version      Size      File name
   ------------------------------------------------------
   11/10/2000   10:21 pm   4.0.2.4701   593,976   Fp4autl.dll

NOTE: This patch can be applied to systems that are running Windows NT 4.0 Service Pack 5 or 6a.

Microsoft Windows NT Server version 4.0, Terminal Server Edition

FrontPage Server Extensions are included as part of the Windows NT 4.0 Option Pack which is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for FrontPage Server Extensions have been provided as part of the Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package (SRP) only for customers who have installed the Option Pack to protect their computers during the migration to a supported operating system.

For additional information about the SRP, click the article number below to view the article in the Microsoft Knowledge Base:

317636 (http://support.microsoft.com/kb/317636/EN-US/) Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package

STATUS

Windows 2000

Microsoft has confirmed that this problem may cause a degree of security vulnerability in FrontPage 2000 Server Extensions.

Windows NT 4.0 and Windows NT Server version 4.0, Terminal Server Edition

Microsoft has confirmed that this problem may cause a degree of security vulnerability in FrontPage 2000 Server Extensions.
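
The file tables in the RESOLUTION section give the patched version of Fp4autl.dll, so a server can be checked by comparing the installed file against it. The script below is an added example, not part of the original article or Microsoft's code. It assumes the caller supplies the folder to search through the hypothetical -SearchRoot parameter (the article does not state an install path) and that any build at or above 4.0.2.4701 carries the fix.

```powershell
# Added example, not Microsoft's code: compare every copy of Fp4autl.dll
# against the version listed in the file tables of this article.
param(
    # Assumption: the caller supplies the folder or drive to search; the
    # article does not state where Fp4autl.dll is installed.
    [Parameter(Mandatory = $true)]
    [string]$SearchRoot
)

# Version of Fp4autl.dll shipped in the patch, from the article's file table.
$PatchedVersion = [version]'4.0.2.4701'

function Get-Fp4autlPatchState {
    param([string]$Root, [version]$Minimum)

    Get-ChildItem -Path $Root -Filter 'Fp4autl.dll' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $info = $_.VersionInfo
            # Use the numeric fields: the FileVersion string may carry extra text.
            $found = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart,
                $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
            [pscustomobject]@{
                Path    = $_.FullName
                Version = $found
                # Assumption: builds at or above the patched version carry the fix.
                Patched = ($found -ge $Minimum)
            }
        }
}

if (-not (Test-Path -Path $SearchRoot)) {
    Write-Error "Search root not found: $SearchRoot"
    exit 2
}

$results = @(Get-Fp4autlPatchState -Root $SearchRoot -Minimum $PatchedVersion)
if ($results.Count -eq 0) {
    Write-Output "No Fp4autl.dll found under $SearchRoot."
    exit 0
}

$results | Format-Table -Property Path, Version, Patched -AutoSize

# Exit code 1 signals that at least one copy is older than the patched version.
$unpatched = @($results | Where-Object { -not $_.Patched })
if ($unpatched.Count -gt 0) { exit 1 }
```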