This security update resolves a privately reported vulnerability in Microsoft Internet Information Services (IIS) that could lead to a bypass of the “IP and domain restrictions” security feature. Successful exploitation of this vulnerability could result in clients from restricted or blocked domains having access to restricted web resources.
This security update is rated Important for all supported editions of Microsoft Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 RTM. The security update addresses the vulnerability by changing how IIS handles requests when specific IP and domain restriction configurations exist.
For more information about this document, see Microsoft Knowledge Base Article 2982998.
English Version
http://technet.microsoft.com/en-us/security/bulletin/MS14-076
简体中文版
http://technet.microsoft.com/zh-cn/security/bulletin/MS14-076
Responses to “MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)”
Back Top
Leave a Reply