"Microsoft Internet Information Server Version
Microsoft has been developing workarounds and patches to close Microsoft Internet Information Server 4.0 vulnerabilities initially reported by EEYE and WIRED news. Microsoft has now completed and released a patch for IIS 4.0 addressing these vulnerabilities, available at http://www.microsoft.com/security/bulletins/ms99-019.asp.
NIPC strongly recommends that relevant systems be checked and the updated patch be applied in place of earlier workarounds that may have been used. More information on these vulnerabilities and protection against them is available from either Microsoft or the Carnegie Mellon CERT web homepage.
Please report information on and damage from exploits targeting these vulnerabilities to your local FBI office, the NIPC, or military or civilian computer incident response team, as appropriate. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/5/6 from 6:00 a.m. to 11:00 p.m. Washington, D.C. local time, or e-mail email@example.com.