This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 and 5.1. A complete listing of the patches superseded by this patch is provided below, in the section titled "Additional information about this patch". Before applying the patch, system administrators should take note of the caveats discussed in the same section.

In addition to including previously released security patches, this patch also includes fixes for the following newly discovered security vulnerabilities affecting IIS 4.0, 5.0 and/or 5.1:

Full article is here (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp)

We have been running the hotfixes for a couple of days now and they seem stable, no major problems.

Some more info:

http://www.theregus.com/content/4/24598.html

Yet another reason not to use MS :eek:

-JFC

Those darn MS people :)

You know, Windows _usually_ isn't so bad, it's just a problem when you provide an interface to the system is when you have problems. Oh, right...

I think, even though Apache is still just claimed as BETA, that you'd be far better off using Apache, over IIS any day. For years and years, IIS has constantly released insecure versions -- and it's just a matter of time until this new fix/patch or new version will be exploited. I have used Windows and I've used IIS, but I've always reverted to Apache on it if I did. Using Windows for a web server is bad enough, but to use IIS, you may as well plan to never relax again in your life (or as long as you use IIS anyway).