NIPC ADVISORY 99-015 1 Microsoft Internet Information Server Version 4 0 June 18 1999 Microsoft has been developing workarounds and patches to close Microsoft Internet Information Server 4 0 vulnerabilities initially reported by EEYE and WIRED news Microsoft has now completed and released a patch for IIS 4 0 addressing these vulnerabilities available at http www microsoft com security bulletins ms99-019 asp NIPC strongly recommends that relevant systems be checked and the updated patch be applied in place of earlier workarounds that may have been used More information on these vulnerabilities and protection against them is available from either Microsoft or the Carnegie Mellon CERT web homepage Please report information on and damage from exploits targeting these vulnerabilities to your local FBI office the NIPC or military or civilian computer incident response team as appropriate The NIPC Watch and Warning Unit can be reached at 202 323-3204 5 6 from 6 00 a m to 11 00 p m Washington D C local time or e-mail nipc watch@fbi gov