This security update resolves a privately reported vulnerability in Microsoft Internet Information Services (IIS) that could lead to a bypass of the “IP and domain restrictions” security feature. Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources.
This security update is rated Important for all supported editions of Microsoft Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 RTM. The security update addresses the vulnerability by changing how IIS handles requests when specific IP and domain restriction configurations exist.
For more information about this document, see Microsoft Knowledge Base Article 2982998.