If an affected Web server receives a particular type of invalid URL, it could, under certain conditions, start a chain of events that would culminate in an invalid memory request that would cause the IIS service to fail. This would prevent the server from providing Web services. This vulnerability does not provide the opportunity to compromise any data on the server or to usurp any administrative privileges on the server. An affected machine could be put back into service by restarting the IIS service. Although the effect of the vulnerability manifests itself through IIS, the underlying problem actually lies within Windows NT 4.0. However, the only scenarios identified to date involve IIS. Nevertheless, it is possible that scenarios for exploiting the vulnerability through Windows NT 4.0 do exist, and as a result, customers using Windows NT 4.0 should consider applying the patch.
||Windows NT, Microsoft Internet Information Server 4.0