From Microsoft: This update resolves two security vulnerabilities in Internet Information Services (IIS) 5.0, the "Absent Directory Browser Argument" vulnerability and the "File Fragment Reading via .HTR" vulnerability. Install this update to prevent a malicious user from exploiting these vulnerabilities to slow performance on an affected Web server or, under very specific conditions, obtain the source code of certain types of files on a Web server. An .htr file is a script that Windows NTÃ????Ã???Ã??Ã?Â® users can use to change passwords, and that administrators can use to perform a variety of password administration functions. Neither of these vulnerabilities allow data to be changed, added, or deleted on the server, nor do they allow administrative control over an affected computer.
read more +